Global flags and environment variables
Every command-line flag has a corresponding environment variable that can be set instead of the flag, either directly in your environment or in a dedicated configuration file.
See config-path description in Global Flags and Variables and Set environment variables for details.
To set a command-line flag on the endorctl scan command you can specify the flag with a leading -- for full flag names or a leading - for short flag aliases. If applicable, input arguments are specified after the flag and separated from it with either a blank space or a = character. For example, to set the output-type specify --output-type json or -o=json. If the input argument is a list, then the list elements are separated by a , character, for example --languages=go,python.
Global flags and variables
The following Global flags are supported and configurable for any endorctl command.
| Flag | Environment Variable | Type | Description |
|---|---|---|---|
api |
ENDOR_API |
string | Set the API URL for the Endor Labs Application (default https://api.endorlabs.com). |
api-key |
ENDOR_API_CREDENTIALS_KEY |
string | Set the API key used to authenticate with Endor Labs. |
api-secret |
ENDOR_API_CREDENTIALS_SECRET |
string | Set the secret corresponding to the API key used to authenticate with Endor Labs. |
aws-role-arn |
ENDOR_AWS_CREDENTIALS_ROLE_ARN |
string | Set the target role ARN for AWS based authentication. AWS authentication is only enabled if this flag is set. See our AWS Keyless Authentication Docs for details. |
bypass-host-check |
ENDOR_BYPASS_HOST_CHECK |
boolean (default:false) | Bypass the check that verifies that the host machine is correctly set up to use endorctl. |
config-path |
ENDOR_CONFIG_PATH |
string | Set the local file system path to the Endor Labs config directory containing your Endor Labs environment variables. By default, set to $HOME/.endorctl/config.yaml. |
enable-azure-managed-identity |
ENDOR_AZURE_CREDENTIALS_MANAGED_IDENTITY_ENABLE |
boolean (default:false) | Enable keyless authentication using Azure VM managed identity system tokens. |
enable-github-action-token |
ENDOR_GITHUB_ACTION_TOKEN_ENABLE |
boolean (default:false) | Enable keyless authentication using GitHub Action OIDC tokens. See the GitHub documentation on configuring OpenID Connect in cloud providers for details. |
gcp-service-account |
ENDOR_GCP_CREDENTIALS_SERVICE_ACCOUNT |
string | Set the target service account for GCP based authentication. GCP authentication is only enabled if this flag is set. |
log-level |
ENDOR_LOG_LEVEL |
string | Set the log level. Set to debug for debug logs. See also the --verbose flag. |
namespace |
ENDOR_NAMESPACE |
string | Set to the namespace of the project that you are working with. |
token |
ENDOR_TOKEN |
string | Set the authentication token used to authenticate with Endor Labs. |
verbose |
ENDOR_LOG_VERBOSE |
boolean (default:false) | Enable verbose logging. |
version |
Not applicable | Display the endorctl client version. |
|
| Not applicable | ENDOR_JS_ENABLE_TSSERVER |
boolean (default:false) | Set this environment variable to true to view call graphs for JavaScript/TypeScript projects. |
| Not applicable | ENDOR_JS_PACKAGE_MANAGER |
string | Set this environment variable to npm, yarn, pnpm, or lerna to override auto detection and force endorctl to use a specific JavaScript package manager. |
| Not applicable | ENDOR_SCAN_SEMGREP_PROGRAM |
string | Set the scan engine to use for SAST scans. Supported values are semgrep and opengrep. The default value is opengrep. You can set this value to semgrep to use Semgrep with Endor Labs. See Use Semgrep with Endor Labs for more information. |
| Not applicable | ENDOR_SCAN_ENABLE_PRECOMPUTED_CALLGRAPHS |
boolean (default:false) | Enable pre-computed reachability analysis to analyze your application based on analysis of how your direct dependencies interact with the software they rely on. This provides faster analysis and serves as a fallback when traditional reachability analysis fails. Supported all languages that support reachability except for Golang. |
Set endorctl environment variables
To set an environment variable run the following command.
export <environment variable>=<value>
For example to set the environment variable ENDOR_TOKEN to “mytoken” run the following command.
export ENDOR_TOKEN=mytoken
Feedback
Was this page helpful?
Thanks for the feedback. Write to us at support@endor.ai to tell us more.
Thanks for the feedback. Write to us at support@endor.ai to tell us more.