December 2024 Edition

We know you’re probably busy, between the various December holidays and “end of the year” activities. So, first — happy holidays, whatever you celebrate! And second, let’s get straight into your updates.

Community

• Spent time at BlackHat Europe
• Sponsored the local Birmingham OWASP meeting
• Worked with Family Giving Tree to provide gifts to people and families in need

New and improved

Current version 1.6.714 — see December Release Notes

• NEW upgrade impact analysis supports dotNET, Kotlin, and Scala projects
• NEW container scanning lets you raise findings if a container base image isn’t approved by your organization
• NEW analytics dashboard lets you track vulnerability trends and resolution times across projects
• IMPROVED better scanning performance and decreased memory footprint for certain complex project types
• IMPROVED remediations view makes it easier to use reachability criteria to filter remediation suggestions
• IMPROVED findings detail drawers make fixes easier to understand, highlight when an Endor Patch is available, etc.

Endor Labs Tip

Use our cloud based scans (GitHub App, for example)? You can provide a Scan Profile to control scan scopes, provide information about toolchains (like required Gradle version), set environment variables, and so on. And for GitHub App scans, you can enable automatic scanning of PRs — including leaving PR comments for policy violations — here as well.

Just visit the Scan Profiles Settings page to create and manage your profiles, assign them to projects, etc. (see complete documentation). Or, if it better fits your workflow, you can commit an .endorctl/scanprofile.yaml file with the desired configuration directly to a project.