October 2024

We are excited to introduce the latest features and enhancements in Endor Labs.

New features

Scan Java projects without pom.xml

You can now scan Java projects that do not have a pom.xml file. This feature enables Endor Labs to scan a non-Maven and non-Gradle Java artifact and provide the list of unresolved dependencies, the list of resolved dependencies, and the dependency tree. You can set the environment variables ENDOR_JVM_USE_ARTIFACT_SCAN, ENDOR_JVM_USE_ARTIFACT_SCAN_CLASSPATH, and ENDOR_JVM_FIRST_PARTY_PACKAGE to facilitate the scan of such projects. See Scan projects without pom.xml for more information.

Export multiple package versions in SBOM

You can now export multiple package versions in an SBOM through endorctl with the new command options --package-version-uuids, --project-uuid, and --project-name. This feature allows aggregating multiple package versions across one or many projects in a single SBOM file. See Export multiple package versions in SBOM for more information.

Enhancements

Auto detection of build tools

You can enable auto detection of build tools for your projects based on the manifest files present in the repository. Auto detection is supported for Long Term Support (LTS) versions of Java, Python, Go, and .NET (C#) projects. See Enable auto detection for more information.

Jira integration

When integrating Jira with Endor Labs, you can:

  • Specify an issue type from the custom Jira project such as Bug, Task, Epic, Story, or any other value when raising a Jira ticket. This enables efficient categorization and tracking of issues within the project.
  • Configure the integration to define custom fields with appropriate values that align with your organization’s workflows. For instance, you can create key-value pairs like Source = Endor Labs to associate specific information with each Jira ticket raised from Endor Labs.

See Set up Jira integration with Endor Labs for more information.

Support for Bazel with Gazelle in vendored mode in Go projects

Endor Labs now supports scanning Go projects that use Bazel with Gazelle in vendored mode. See Scan Go projects using Bazel with Gazelle in vendored mode for more information.

Kotlin 2.0 support

Endor Labs has extended Kotlin support to include version 2.0. With this enhancement, Endor Labs supports Kotlin projects from version 1.4 to 2.0.

Name change from SCPM to RSPM

Endor Labs now uses RSPM (Repository Security Posture Management) as the standard terminology for all SCPM (Source Code Posture Management) policies and findings across the user interface and documentation. Previously, both RSPM and SCPM were used interchangeably.