Endor Labs & GitHub Advanced Security

The Endor Labs integration with GitHub Advanced Security has one goal - make life easier for developers. Using GitHub Actions, you are now able to automate security scans for OSS packages, using Endor Labs' deep reachability analysis, without ever having to leave GitHub. Security teams can transparently enforce policies around repo configuration and open source usage, while developers get all the context they need within GitHub.

Endor Labs and Advanced Security findings in GitHub

Automate Endor Labs scanning with GitHub Actions and get the context you need to review, fix, or dismiss risk findings without having to switch tools. Endor Labs' GitHub Action produces SARIF output, which means you have your GitHub Advanced Security and Endor Labs findings in the same place.

No need to manage secrets

The most secure secret is one that doesn't exist. Endor Labs uses trusted identities from GitHub, so that you don't need deal with the hassle and cost of secret management.

Want to learn more about Endor Labs? Check out our demo library!