Skip to content

Add Endor Labs vulnerability scanning infrastructure #112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Add Endor Labs vulnerability scanning infrastructure #112

Copilot wants to merge 4 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Dec 9, 2025
edited
Loading

Implements automated and manual vulnerability scanning using endorctl to scan Maven dependencies, secrets, and Java code.

Changes

  • GitHub Actions workflow (.github/workflows/endor-vulnerability-scan.yml)

    • Triggers on push to main/master, PRs, and manual dispatch
    • Downloads endorctl v1.7.688, runs scan with --dependencies, --secrets, --languages=java
    • Outputs SARIF file and uploads as artifact (30-day retention)

  • Manual scan script (scan-vulnerabilities.sh)

    • Validates and sanitizes ENDOR_NAMESPACE environment variable (prevents command injection)
    • Accepts optional ENDOR_API_KEY and ENDOR_API_SECRET

  • Documentation (VULNERABILITY_SCANNING.md)

    • Usage instructions for automated and manual scans
    • Required secrets configuration

  • Build configuration (.gitignore)

    • Excludes endorctl binary (272MB) and build artifacts

Usage

export ENDOR_NAMESPACE=your-namespace
export ENDOR_API_KEY=your-key
export ENDOR_API_SECRET=your-secret
./scan-vulnerabilities.sh

Workflow runs automatically or via Actions tab → "Endor Labs Vulnerability Scan" → Run workflow.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • api.oss.endorlabs.com
    • Triggering command: ./endorctl ./endorctl --version (dns block)
    • Triggering command: ./endorctl ./endorctl scan --path=. --dependencies --secrets --languages=java --output-type=summary --namespace=test-namespace (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Run a vulnerability scan with endor-labs

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI changed the title [WIP] Run vulnerability scan with endor-labs Add Endor Labs vulnerability scanning infrastructure Dec 9, 2025
Copilot AI requested a review from IAmATeaPot418 December 9, 2025 16:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@IAmATeaPot418 IAmATeaPot418 Awaiting requested review from IAmATeaPot418

Assignees

@IAmATeaPot418 IAmATeaPot418

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@IAmATeaPot418