Copilot AI commented Dec 9, 2025

Enables security scanning using the Endor Labs MCP server scan tool to detect vulnerabilities, secrets, and dependency issues in the Java codebase.

Implementation

Scripts

  • run-endor-scan.sh - Bash wrapper with options for scan type selection (--all, --vulnerabilities, --secrets, --dependencies)
  • endor_scan.py - Python interface with programmatic access to scan configuration

Both scripts are portable, using current directory by default with REPO_PATH environment variable override.

Documentation

  • README.md - Project overview with quick start
  • ENDOR_SCAN_README.md - Complete scanning guide and troubleshooting
  • SCAN_REPORT.md - Repository analysis identifying high-risk dependencies (log4j-core:2.3, mysql-connector-java:5.1.42)
  • scan_invocation_example.txt - MCP tool invocation reference

Usage

# Run all scan types
./run-endor-scan.sh --all

# Or specific scans
./run-endor-scan.sh --vulnerabilities --dependencies

# Via MCP tool directly
{
  "tool": "endor-labs-scan",
  "parameters": {
    "path": "/home/runner/work/app-java-demo/app-java-demo",
    "scan_types": ["vulnerabilities", "secrets", "dependencies"]
  }
}

The scan analyzes 40 Java files and 20+ Maven dependencies for security issues.

Original prompt

run a scan with endor-labs mcp server using the scan tool



Copilot AI self-assigned this Dec 9, 2025
Copilot AI changed the title from "[WIP] Run scan with Endor Labs MCP server using scan tool" to "Add Endor Labs MCP server scan integration" Dec 9, 2025
Copilot AI requested a review from IAmATeaPot418 December 9, 2025 23:14
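
The flag-to-payload mapping described in the PR, sketched as an added example (not the PR's `endor_scan.py` or `run-endor-scan.sh`). The function name `build_scan_request` is hypothetical; the tool name and parameter keys are copied from the JSON in the description, and rejecting an empty selection or a non-directory path is an assumption about sensible wrapper behaviour.

```python
import json
import os

# Scan types named in the PR description, in the order its JSON example lists them.
SCAN_TYPES = ("vulnerabilities", "secrets", "dependencies")


def build_scan_request(flags, env=None, cwd=None):
    """Map wrapper-style flags to an MCP invocation payload (hypothetical helper)."""
    env = os.environ if env is None else env
    cwd = os.getcwd() if cwd is None else cwd

    selected = set()
    for flag in flags:
        name = flag[2:] if flag.startswith("--") else None
        if name == "all":
            selected.update(SCAN_TYPES)
        elif name in SCAN_TYPES:
            selected.add(name)
        else:
            # Fail closed on typos so a misspelled flag never silently skips a scan.
            raise ValueError(f"unknown option: {flag!r}")
    if not selected:
        # Assumption: an empty selection is an error rather than "scan nothing".
        raise ValueError("no scan type selected")

    # REPO_PATH overrides the current directory. Resolve symlinks and relative
    # segments, then refuse anything that is not an existing directory.
    path = os.path.realpath(env.get("REPO_PATH") or cwd)
    if not os.path.isdir(path):
        raise ValueError(f"scan path is not a directory: {path}")

    return {
        "tool": "endor-labs-scan",
        "parameters": {
            "path": path,
            # Emit in canonical order regardless of flag order.
            "scan_types": [t for t in SCAN_TYPES if t in selected],
        },
    }


if __name__ == "__main__":
    request = build_scan_request(["--vulnerabilities", "--dependencies"])
    print(json.dumps(request, indent=2))
```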