February 2024

We are excited to introduce you to the latest version of Endor Labs and endorctl, v1.6.137. This release includes the following new features.

Sign up for the Endor Labs free trial

Discover the power of Endor Labs and the endorctl CLI with our brand-new 30-day free trial. Secure your open source software by prioritizing open source risk, reducing technical debt, and meeting compliance objectives such as SBOMs and VEX. With Endor Labs’ reachability analysis, DevSecOps teams get to the right context faster, manage risks effectively, and accelerate product development.

What’s in the trial:

  • Complete access: Enjoy all the features without limitations for an entire month.
  • Getting started: Use Endor Labs’ guided walkthrough to understand the main features of the application.
  • Quick start: Use the quick start to get up and running with the application.
  • Seamless integration: Effortlessly integrate Endor Labs into your development workflows.

Set up namespaces (Beta)

Use namespaces to establish a logical, hierarchical structure for your projects, providing enhanced organization and clarity. As an administrator, you can:

  • Organizational logic: Create logical partitions based on organizational units, business units, project requirements, or teams.
  • Access control: Define the hierarchy and control access to project resources within a namespace, so that each project environment is scoped and secured appropriately.
  • Policy governance: Establish robust policy governance by defining rules of engagement within namespaces and setting different or identical guardrails across namespaces.

For more information, see Set up namespaces.

View the CI/CD tools in your repository (Coming soon)

Gain a profound understanding of your software development lifecycle environment by discovering all CI/CD tools used in your organization, business units, or teams.

  • Automated tool discovery: Endor Labs automatically identifies and discovers all CI/CD tools during the endorctl scan process, providing a hassle-free experience.
  • Comprehensive mapping: The end result is a comprehensive mapping of your CI/CD tools, categorized and correlated with the last timestamp of your scan.
  • Enhanced visibility: This feature enhances your understanding of the software development environment posture by providing an accurate picture of the CI/CD tools in use.

For more information, see Discover CI/CD tools.

Scan Kotlin projects (Beta)

Scan your Kotlin projects to perform:

  • Quick Scan: Quickly assess software composition using endorctl scan --quick-scan.
  • Deep Scan: Conduct comprehensive analysis with dependency resolution, reachability analysis, and call graph generation using endorctl scan.
  • Maven and Gradle Integration: Seamlessly integrate with Maven and Gradle for efficient builds and dependency resolution.
  • Configuration Flexibility: Configure Maven private registries and specify Gradle configurations with ease.
  • Static Analysis: In-depth analysis of Kotlin code for precise insights into dependency reachability.

For more information, see Endor Labs for Kotlin.

Dependency discovery for Go projects using Bazel (Beta)

Scan Go projects with Bazel integration using the endorctl scan command. By invoking this command as a Bazel rule, you can analyze dependencies from within your existing Bazel commands.

  • Bazel Integration: Scan Go projects by calling the endorctl scan command as a Bazel rule, ensuring smooth integration with Bazel workflows.
  • Targeted Scanning: Choose between scanning the entire repository or specific Go targets using language-specific Bazel rules. Alternatively, employ a Bazel query to scan targets based on specific criteria.
  • Incremental Scans: Execute scans with precision by focusing on recently updated targets, optimizing the scanning process for enhanced efficiency.

For more information, see Language-specific Bazel.

Scan binary artifacts (Beta)

Execute endorctl scans on binaries and artifacts without the complexities of accessing source code or build systems.

  • Language support: The scanning functionality extends to Java and Python packages, covering a wide spectrum of pre-built, bundled, or locally downloaded components.
  • Artifact/Package specification: Easily initiate scans by specifying the file path to the artifact or binary package, streamlining the scanning process.
  • Comprehensive scan: Scan specified packages to gain insights into resolved dependencies, transitive dependencies, and comprehensive call graphs, providing you with a holistic view of software components.

For more information, see Binaries and artifacts.

Sign artifacts (Coming soon)

Sign and verify container images and build artifacts. Inspired by industry best practices and tooling such as Sigstore and Cosign, this feature enhances security and transparency in your software supply chain.

  • Ensured integrity: Cryptographic signatures let consumers verify the integrity and origin of container images and build artifacts, adding an extra layer of security to your software supply chain.
  • Comprehensive traceability: Seamlessly trace the origins of artifacts through workflows and environments, ensuring transparency across the software lifecycle.
  • User-friendly experience: Integrated with Endor Labs’ software, the command-line tool and existing GitHub Action offer a streamlined, user-friendly experience for signing and verification.