Deploy Endor Labs

Learn various methods to deploy the Endor Labs application across your repositories and pipelines.

You can perform the following scans with the Endor Labs application.

You can start with Monitoring scans to gain the initial visibility and then advance to CI scans to achieve comprehensive and actionable results.

Monitoring or supervisory scans

Perform monitoring scans to gain fast and broad visibility over open source risks across the application portfolio without requiring integrations into application pipelines. These scans are conducted periodically and can also establish baselines that are subsequently used during CI scans.

  • GitHub App monitoring scan: You can perform this scan if you use GitHub. Use Endor Labs GitHub App to scan your GitHub organizations. It provides broad visibility over your GitHub organizations. Once installed, the GitHub App will automatically clone and scan all the repositories every 24 hours, providing continuous monitoring for open source vulnerabilities. These repositories are temporarily cloned and retained only during the scan. See Scan using the GitHub App.

  • Local monitoring scan: Perform periodic scans in your local environment. You must provide the necessary computing resources to run the scans. These scans are not restricted to GitHub and can support any type of Git repository. See Set up Jenkins pipeline for supervisory scans.

CI scans

CI Scans are used to focus teams’ attention and establish development workflows on the most actionable results, prioritizing the development team’s time. CI Scans can be triggered directly from automated CI/CD pipelines, looking for new vulnerabilities relative to the baseline established for the target branch. These CI Scans provide immediate feedback to developers in the form of PR comments and can also enforce policies to break builds, block PRs, send notifications, open tickets, and more. CI scans are the most actionable method to prevent vulnerabilities from entering your repositories.

Perform CI scans using:

See scanning strategies to learn techniques for effectively scanning and monitoring different versions of your projects with Endor Labs.

Scan from IDE

Use Endor Labs Visual Studio Plugin extension to perform early security reviews and mitigate the need for expensive fixes during later stages of development. The extension helps developers fix code at its origin phase and during the early stages of development without running the endorctl scan. See Scan from your IDE.