We are excited to introduce you to the latest version of Endor Labs and endorctl - v 1.6.92. This release includes several enhancements.
- Dependencies listed in the manifest file but not used by the application
- Dependencies used by the application but not listed in the manifest file
- Dependencies listed in the manifest as transitive but used directly by the application
- Dependencies categorized as test dependencies but used directly by the application
The dependencies used in the source code but not declared in the package’s manifest files are tagged as Phantom.
NoteDependency reachability is in the Beta phase and is turned off by default. To detect phantom dependencies, run the endorctl scan with the flag
true and then run the endorctl scan.
Dependency discovery for Python and Java projects using Bazel
Users can now scan their Java and Python projects using Bazel through the endorctl scan command. You can call the endorctl scan command as a Bazel rule and analyze the dependencies by using the Bazel commands.
You can scan the entire repository or you can only scan specific Java or Python targets using language-specific Bazel rules. You can also use a Bazel query and scan all targets matching your query criteria. This helps in executing incremental scans on your repository and scans only the recently updated targets.
Was this page helpful? Send your feedback to email@example.com