Scan with Endor Labs
Run various types of security scans to identify vulnerabilities, secrets, license issues, and more.
Endor Labs provides comprehensive scanning capabilities to identify security issues across your software supply chain. This section covers the different types of scans available and how to configure them.
SCA (Software Composition Analysis)
Scan open source dependencies for vulnerabilities with reachability analysis.
SAST (Static Application Security Testing)
Scan your first-party code for security vulnerabilities.
Secrets Detection
Scan your codebase for leaked secrets and sensitive data.
Container Scanning
Scan container images for vulnerabilities and secure your deployments.
Malware Detection
Scan dependencies for malware and understand how it is detected, classified, and scored.
AI Models
Scan for and govern AI models in your codebase.
OSS Licenses
Identify and manage open source license compliance.
RSPM (Repository Security Posture Management)
Manage repository security posture and SCM configurations.