To scan PRs automatically when they are raised, set the pull request preferences during the installation of the GitHub App or GitHub App (Pro). You can also edit the integration preferences afterward to enable PR scanning.
The Endor Labs GitHub App provides a scan report with details about scan failures. The report includes warning and error logs, recommended actions when available, and a link to the full scan history for additional context.
To view the scan report:
- Open the pull request where the scan failed.
- Click the three vertical dots and select View Details from the Endor Labs Automated Scan to view the scan report.
View PR scan findings
To view the PR scan findings:
- Sign in to Endor Labs.
- Select Projects from the left sidebar.
- Search for and select the project.
- Select PR runs to view the PR scan findings.
PR Runs captures the commit ID, commit SHA, the referenced branch, its findings, and the tags added to the scan as configured in the policies. Select a specific PR scan to view its findings in detail.
GitHub PR comments
You can enable GitHub PR comments during the initial setup of the GitHub App or GitHub App (Pro), or by editing an existing integration. Once enabled, Endor Labs automatically adds comments to pull requests when policy violations are detected in the PR scans. See Pull Request comments for more information.