Endor Labs automatically discovers and identifies the CI/CD tools used in your organization based on your source code and source code management system configuration, giving you insight into your software development environment posture.
Scan for CI/CD tools
If you are using the GitHub App, CI/CD tools discovery is automatic. If you want to scan a particular repository for CI/CD tools, make sure that you are authenticated and then run the command:
endorctl scan --path=/path/to/your/repo --tools
Note: To include GitHub application data you must also set the --github flag and provide a GitHub token with read:org access.
View the CI/CD tools detected
To view the CI/CD tool coverage in all projects:
- Sign in to the Endor Labs application.
- Navigate to CI/CD > Tools on the left sidebar to view the list of all your projects and tools detected, grouped by tool category.
- Use Search to look for specific projects.
- Use Tool Categories to filter the search results by tool category.
- Use Tools to filter the search results by tool name.
- Click on the Settings Gear Icon in the top-right corner of the table to configure which columns you want to see.
- Select a project to navigate to the Tools section for the specific project, where you can view details and evidence of how the tool is used in the project.
- Click on the Drawer Icon at the right end of a row to view the details for the corresponding tool.
- Tools are identified based on a range of different patterns, from file names and file content, to webhooks and GitHub applications.
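The file-name and file-content matching described above, sketched as an added example (not Endor Labs' code or rule set). The rules, category names and sample repository contents are assumptions constructed for illustration:

```python
import re

# Illustrative rules only (assumed for this example, not Endor Labs' rule set):
# (tool, category, path regex, content regex or None for a file-name-only match)
RULES = [
    ("GitHub Actions", "CI", r"^\.github/workflows/[^/]+\.ya?ml$", None),
    ("GitLab CI", "CI", r"^\.gitlab-ci\.yml$", None),
    ("Jenkins", "CI", r"(^|/)Jenkinsfile$", None),
    ("CircleCI", "CI", r"^\.circleci/config\.yml$", None),
    ("Dependabot", "Dependency management", r"^\.github/dependabot\.ya?ml$", None),
    ("CodeQL", "SAST", r"^\.github/workflows/[^/]+\.ya?ml$", r"uses:\s*github/codeql-action/"),
]

def detect_tools(files):
    """files maps repo-relative POSIX paths to file text.
    Returns {tool: {"category": str, "evidence": [str, ...]}}."""
    found = {}
    for path, text in sorted(files.items()):
        for tool, category, path_re, content_re in RULES:
            if not re.search(path_re, path):
                continue
            if content_re is None:
                evidence = f"file name: {path}"
            else:
                m = re.search(content_re, text)
                if m is None:
                    continue  # path matched, but the content pattern did not
                line_no = text.count("\n", 0, m.start()) + 1
                evidence = f"file content: {path}:{line_no}"
            entry = found.setdefault(tool, {"category": category, "evidence": []})
            entry["evidence"].append(evidence)
    return found

# Constructed sample repository contents (path -> text)
SAMPLE_REPO = {
    ".github/workflows/build.yml": "name: build\njobs:\n  b:\n    steps:\n      - uses: actions/checkout@v4\n",
    ".github/workflows/codeql.yaml": "name: scan\njobs:\n  a:\n    steps:\n      - uses: github/codeql-action/init@v3\n",
    ".github/dependabot.yml": "version: 2\n",
    "services/api/Jenkinsfile": "pipeline { agent any }\n",
    "README.md": "docs\n",
}

if __name__ == "__main__":
    for tool, info in detect_tools(SAMPLE_REPO).items():
        print(f"{tool} [{info['category']}]: {', '.join(info['evidence'])}")
```

Each hit keeps the path (and line number for content matches) as evidence, which is what lets a reviewer confirm or dismiss a detection instead of trusting the tool name alone.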
View the supported CI/CD tools and patterns used to detect them
To view the patterns that are used to detect the various CI/CD tools:
- Sign in to the Endor Labs application.
- Navigate to Policies on the left sidebar.
- Navigate to the CI/CD RULES tab to see the list of supported CI/CD tools and the corresponding category mapping.
- Click on the vertical ellipsis at the right end of a row and select View Rule to see the tool pattern definition.
Create finding policies for CI/CD tools
See CI/CD finding policies for details on how to create finding policies for CI/CD tools.