We are excited to introduce the latest features and enhancements in Endor Labs.
Container reachability (New)
Endor Labs now supports container reachability, which determines which OS packages in a container image are used at runtime and marks them as Reachable, Potentially Reachable, or Unreachable. This helps you prioritize remediation for dependencies that are actually exercised during execution.
Endor Labs supports two container reachability modes based on how your workload runs and its runtime dependencies.
- Basic reachability: Profiles the container locally during the scan. Use when the application has no external dependencies.
- Instrumented reachability: Runs the image in your real environment with an embedded sensor to capture runtime behavior. Use when the workload requires databases, queues, or other external services.
For more information, see Container reachability and Instrumented container reachability.
Bazel aspects support (New)
Endor Labs now supports Bazel aspects to improve dependency resolution accuracy in Bazel workspaces. Endor Labs automatically discovers and applies the appropriate rules for your project, and also supports custom aspects for projects with custom build rules.
For more information, see Bazel aspects.
AI-powered SAST analysis (New)
Endor Labs now supports AI-powered analysis for SAST findings to automatically classify them as true positives or false positives. The AI agent analyzes code context, traces data flows, and evaluates security controls to reduce false positives, helping security teams and developers focus on genuine security vulnerabilities. AI SAST analysis features require a Code Pro license.
For more information, see SAST scan with AI analysis.
Bitbucket Cloud App PR scans (New)
The Endor Labs Bitbucket Cloud App now supports automated pull request scanning for security vulnerabilities, policy violations, and exposed secrets. You can also configure PR comments directly on your pull requests when issues are detected, helping developers address security concerns before merging code.
For more information, see Bitbucket Cloud App PR scans.
Search and filter notifications (Enhancement)
You can now search for notifications by policy name or Jira issue key, and apply filters to narrow down notifications by time range, projects, notification channels, or error status. This helps you quickly locate specific notifications, identify patterns across your security events, and efficiently manage notification workflows.
For more information, see Notifications.
Updated Endor Labs user interface (Enhancement)
Endor Labs now features a redesigned interface with updated navigation, layout, and workflows, making it easier to find and manage your security data. For more information, see Endor Labs user interface.
DroidGPT has been removed from the product. For AI-powered help with findings and scan errors, use the Endor AI Chat in the application.