Finding policies
Learn about finding policies and how to use them.
Policies are rules that allow you to customize the behavior of the Endor Labs scan.
You can use policies to:
Endor Labs comes with various out-of-the-box policies that enable you to quickly get started with the product. Policy templates are available to help you easily create custom findings and configure workflows around known vulnerabilities; outdated, unmaintained, or unused software dependencies; license risks; code review guidelines; repository configurations; and more.
Note: See also configure policy settings.
You can also write policies from scratch using the Rego policy language and customize policies based on organizational rules and needs.
You can set up the following types of policies in Endor Labs.
Finding policies - Enable or disable out-of-the-box features and create custom finding policies to identify and raise findings for issues in your development environment. For example, you can create a finding policy to raise findings for missing, unknown, problematic, or incompatible licenses.
Exception policies - Identify findings that should be exempt from action policies. For example, you can create an exception policy to automatically dismiss all findings found in the serverless-dns package.
Action policies - Define the system behavior and set up workflows when a finding with a given set of properties is raised. For example, you can create an action policy to create a Jira task when packages with outdated dependencies are included in your projects.
Remediation policies - Define the conditions to remediate findings when an upgrade is available. For example, you can apply remediation when a low-risk upgrade is available.
Policies are essential to define risk tolerance, set automated rules for open source components, check your repository or organization configuration, and more.
Learn about finding policies and how to use them.
Learn about exception policies and how to use them.
Learn about action policies and how to use them.
Learn about remediation policies and how to use them.
Learn about tagging projects to manage policies in Endor Labs.