October 2023

We are excited to introduce you to the latest version of Endor Labs and endorctl - v 1.6.5. This release includes several enhancements.


Command line flag changes for enhanced usability

Endor Labs has updated several flags to improve the overall usability for users. These changes are backwards compatible. All deprecated commands are hidden.

New scan options

New Flag New Variable Description
dependencies ENDOR_SCAN_DEPENDENCIES Scan Git commits and generate findings for all dependencies.
droid-gpt ENDOR_SCAN_DROID_GPT Leverage the power of DroidGPT to interpret build errors and generate remediation advice.
github ENDOR_SCAN_GITHUB Fetch information from GitHub, scan Git commits and generate findings for all dependencies, as well as any GitHub misconfigurations.
secrets ENDOR_SCAN_SECRETS Scan the source code repository and generate findings for leaked secrets.

Use the flags in combination with each other to make them more use case-specific.

Renamed flags

Deprecated Flag New Flag New Variable Description
ci-baseline pr-baseline ENDOR_SCAN_PR_BASELINE Set to the Git reference that you are merging to, such as your default branch. Action policies will only flag issues that do not exist in the baseline so that developers are only alerted to issues on the current changes. Example: --pr-baseline=main.
ci-run-uuid pr-uuid ENDOR_API_PR_UUID Only list resources from a specific PR scan.
ci-run pr ENDOR_SCAN_PR Set if this is a PR scan. PR scans are not used for reporting or monitoring and should be treated as point in time policy and finding test.
ci-tags tags ENDOR_SCAN_TAGS Specify a list of user-defined tags to add to the scan. Tags can be used to search and filter scans later.
secrets-full-history git-logs ENDOR_SCAN_GIT_LOGS Audit the historical Git logs of the repository for all branches in the repository. Must be used together with --secrets.

Troubleshoot build errors with DroidGPT

Endor Labs integrates with third-party Artificial Intelligence (AI) tools to help you troubleshoot errors while performing software composition analysis, dependency resolution, or generating call graphs during an endorctl scan.

In the event of an error, DroidGPT generates explanations and actionable advice for how to resolve the error on the given host system. These suggestions are displayed as part of the error log messages on the command line and can help you understand why build errors occurred during the scan process and how to resolve them.

Use the ENDOR_SCAN_DROID_GPT environment variable or the --droid-gpt flag to enable DroidGPT error logging on your system.

  • Enable error logging while performing a scan.
endorctl scan --droid-gpt
  • Enable error logging while checking the system specifications required for performing a scan.
endorctl host-check --droid-gpt

Example: Here is an example of the recommendations generated by DroidGPT while scanning a Ruby repository where the manifest file is not correctly configured.

*** NOTE: Use the following AI-generated advice at your own risk ***
DroidGPT suggests the following as a possible remediation:
1. The error message indicates that there is a problem parsing the Gemfile, which is preventing the dependency tree from being generated.
2. Specifically, the error message states that there are no gemspecs at the specified location, which is causing Bundler to fail.
3. To fix this issue, you should check that the Gemfile is correctly configured and that all necessary gemspecs are present.
4. Additionally, you may want to try running `bundle install` to ensure that all dependencies are properly installed.
5. Please note that this advice is generated by an AI and there may be additional factors at play that are not captured in the error message. As such, there is no guarantee that these steps will resolve the issue, and you should proceed with caution.