Set up AI security code review with endorctl

• Complete the prerequisites to use AI security code review with endorctl.
• Set up the environment variables required to run endorctl for AI security code review.
• Install and authenticate endorctl, build your project, and run a scan. Scanning the repository creates the project in Endor Labs that you can use to configure the scan profile.
• Configure a scan profile for AI security code review.
• Enable the security review finding policy.
• Configure an action policy if you want to get comments on your GitHub pull request with the details of the AI security code review.
• Run scans for AI security code review.
• View results of the AI security code review.

​

Prerequisites to use AI security code review with endorctl

• An active Endor Labs subscription with Endor Code Pro license.
• Access to configure scan profiles and policies
• Code Segment Embeddings and LLM Processing enabled in Data Privacy settings
• A GitHub token with appropriate permissions.

​

Enable Code Segment Embeddings and LLM Processing

1. Select Settings from the left sidebar.
2. Select SYSTEM SETTINGS > Data Privacy.
3. Select Code Segment Embeddings and LLM Processing.
4. Click Save Data Privacy Settings.

​

Verify license and feature access

1. Select Settings > License from the left sidebar.
2. Verify that you have Security Review in Products and Features.

​

Set up environment variables

# Required: SCM token with repo access
export ENDOR_SCAN_SCM_TOKEN=<your-scm-token>

# Required: Endor Labs authentication
export ENDOR_API_CREDENTIALS_KEY=<your-api-key>
export ENDOR_API_CREDENTIALS_SECRET=<your-api-secret>
export ENDOR_NAMESPACE=<your-namespace>

​

Pull request scan with AI security code review

git fetch origin pull/<PR_NUMBER>/head:pr-<PR_NUMBER>
git checkout pr-<PR_NUMBER>

git fetch origin pull/12/head:pr-12
git checkout pr-12

endorctl scan \
  -n <namespace> \
  --pr \
  --security-review \
  --scm-pr-id <PR_NUMBER> \
  --scm-token $ENDOR_SCAN_SCM_TOKEN \
  --enable-pr-comments