Skip to main content
We are excited to introduce the latest features and enhancements in Endor Labs.

Container reachability Beta New

Endor Labs now supports container reachability, which determines which OS packages in a container image are used at runtime and marks them as Reachable, Potentially Reachable, or Unreachable. This helps you prioritize remediation for dependencies that are actually exercised during execution. Endor Labs supports two container reachability modes based on how your workload runs and its runtime dependencies.
  • Basic reachability: Profiles the container locally during the scan. Use when the application has no external dependencies.
  • Instrumented reachability: Runs the image in your real environment with an embedded sensor to capture runtime behavior. Use when the workload requires databases, queues, or other external services.
For more information, see Container reachability and Instrumented container reachability.

Bazel Bzlmod support New

Endor Labs now supports Bzlmod when you use Bazel aspects. Currently, only Go and Java rulesets support Bzlmod. For more information, see Bazel and Bazel aspects. For more information, see Bazel Bzlmod support.

Bazel aspects support New

Endor Labs now supports Bazel aspects to improve dependency resolution accuracy in Bazel workspaces. Endor Labs automatically discovers and applies the appropriate rules for your project, and also supports custom aspects for projects with custom build rules. For more information, see Bazel aspects.

AI-powered SAST analysis New

Endor Labs now supports AI-powered analysis for SAST findings to automatically classify them as true positives or false positives. The AI agent analyzes code context, traces data flows, and evaluates security controls to reduce false positives, helping security teams and developers focus on genuine security vulnerabilities. AI SAST analysis features require a Code Pro license. For more information, see SAST scan with AI analysis.

Bitbucket Cloud App PR scans Beta New

The Endor Labs Bitbucket Cloud App now supports automated pull request scanning for security vulnerabilities, policy violations, and exposed secrets. You can also configure PR comments directly on your pull requests when issues are detected, helping developers address security concerns before merging code. For more information, see Bitbucket Cloud App PR scans.

Search and filter notifications Enhancement

You can now use search for notifications using the policy name or Jira issue key, and also apply filters to narrow down notifications by time range, projects, notification channels, or error status. This helps you quickly locate specific notifications, identify patterns across your security events, and efficiently manage notification workflows. For more information, see Notifications.

Updated Endor Labs user interface Enhancement

Endor Labs now features a redesigned interface with updated navigation, layout, and workflows, making it easier to find and manage your security data. For more information, see Endor Labs user interface. DroidGPT has been removed from the product. For AI-powered help with findings and scan errors, use the Endor AI Chat in the application.

API documentation updates

Some API services are now designated as internal. As a result, they are no longer visible in the public API documentation.