
Endor Labs Integration Guide

Reachability-aware SCA that filters out 80%+ of CVE noise


Integrate Endor Labs with Vulnetix. Use endorctl to scan dependencies with reachability analysis, export SARIF findings, and upload to Vulnetix for centralised risk management.

SaaS platform | SARIF | CycloneDX

Run Endor Labs in CI

Scan on every push and upload the results to Vulnetix:

- name: Install endorctl
  run: |
    curl -s https://api.endorlabs.com/download/latest/endorctl_linux_amd64 \
      -o endorctl && chmod +x endorctl

- name: Endor Labs scan
  run: |
    ./endorctl scan --namespace ${{ secrets.ENDOR_NAMESPACE }} --as-default-branch
    ./endorctl api get-vulnerabilities \
      --namespace ${{ secrets.ENDOR_NAMESPACE }} --sarif > endorlabs.sarif
  env:
    ENDOR_API_CREDENTIALS_KEY: ${{ secrets.ENDOR_API_KEY }}

- name: Upload to Vulnetix
  run: vulnetix upload --file endorlabs.sarif
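
Because the scan step writes endorlabs.sarif through a shell redirect, a failed export can leave an empty file or an error message where the SARIF log should be. The check below is an added example, not code from Endor Labs or Vulnetix; the function name summarize_sarif and the sample document are assumptions made for illustration. It could run between the scan and upload steps so that only a structurally valid SARIF 2.1.0 log reaches the upload.

```python
import json
import sys
from collections import Counter

SARIF_VERSION = "2.1.0"  # version string defined by the OASIS SARIF specification


def summarize_sarif(text):
    """Validate the minimum SARIF structure and count results per level.

    Raises ValueError when the export is empty, not JSON, or not a SARIF
    2.1.0 log with at least one run, so a failed export is caught early.
    """
    if not text.strip():
        raise ValueError("SARIF file is empty (the export step probably failed)")
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict) or doc.get("version") != SARIF_VERSION:
        raise ValueError("missing or unexpected SARIF version")
    runs = doc.get("runs")
    if not isinstance(runs, list) or not runs:
        raise ValueError("SARIF log contains no runs")
    counts = Counter()
    for run in runs:
        for result in run.get("results") or []:
            # Simplification: a result without "level" is counted as "warning".
            counts[result.get("level", "warning")] += 1
    return dict(counts)


# Constructed sample input for illustration, not real scanner output.
SAMPLE = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "EXAMPLE-0001", "level": "error", "message": {"text": "constructed"}},
            {"ruleId": "EXAMPLE-0002", "message": {"text": "constructed, no level"}},
        ],
    }],
})

if __name__ == "__main__":
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    try:
        print(summarize_sarif(source))
    except ValueError as err:
        sys.exit(f"refusing to upload: {err}")
```

Saved under a name of your choice and called with endorlabs.sarif as its argument, the script exits non-zero on a bad file, which stops the job before the upload step.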

Centralise Endor Labs results in Vulnetix

Upload Endor Labs SARIF or CycloneDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.
