From b04df3376586b391303a71329f400b15b643ce4a Mon Sep 17 00:00:00 2001 From: scharlottej13 Date: Mon, 8 Jun 2026 17:50:13 -0700 Subject: [PATCH 1/2] update readme intro with current product capabilities --- README.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2a83eb2..559fbb8 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,17 @@ -# Endor Labs Repository GitHub Action +# Endor Labs GitHub Action -Endor Labs helps developers spend less time dealing with security issues and more time accelerating development through safe Open Source Software (OSS) adoption. Our Dependency Lifecycle Management™ Solution helps organizations maximize software reuse by enabling security and development teams to select, secure, and maintain OSS at scale. +Catch vulnerabilities, exposed secrets, and risky or malicious dependencies before they reach production. Endor Labs combines agentic reasoning with deterministic program analysis to understand code behavior and patch vulnerabilities. Helps secure: -The Endor Labs GitHub action may be used to repeatably integrate Endor Labs scanning or signing jobs into your CI pipelines. +- Your code (AI SAST) — Security agents reason over your code graph to find exploitable vulnerabilities and suggested remediation +- Secrets — Catch leaked API keys, creds, and tokens at the source +- Third party dependencies — SCA with function-level reachability prioritizes and fixes without breaking code +- Malware detection — Detect and block malicious code in open source packages +- AI models — Report and assess AI models and services for risk +- Container images — Full-stack reachability surfaces vulnerabilities in the OS packages your image uses at runtime +- GitHub Actions and CI/CD tooling — Detect vulnerabilities, malware, and risky config +- Repo configuration (RSPM) — GitHub misconfigurations that expose your supply chain + +Run it on pull requests for point-in-time policy checks, or on your default branch to monitor findings over time. Surface findings in PR comments, the GitHub Security tab (SARIF), or the Endor Labs UI. ## Required Parameters and Pre-requisites From c05aa1104ff0ddfde2d97143164a9087c5b25c3d Mon Sep 17 00:00:00 2001 
From: scharlottej13 Date: Mon, 8 Jun 2026 18:19:56 -0700 Subject: [PATCH 2/2] fix awkward phrasing --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 559fbb8..6ffbfc1 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Catch vulnerabilities, exposed secrets, and risky or malicious dependencies before they reach production. Endor Labs combines agentic reasoning with deterministic program analysis to understand code behavior and patch vulnerabilities. Helps secure: -- Your code (AI SAST) — Security agents reason over your code graph to find exploitable vulnerabilities and suggested remediation +- Your code (AI SAST) — Security agents reason over your code graph to find exploitable vulnerabilities and suggest fixes - Secrets — Catch leaked API keys, creds, and tokens at the source - Third party dependencies — SCA with function-level reachability prioritizes and fixes without breaking code - Malware detection — Detect and block malicious code in open source packages
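Review bot: In [PATCH 1/2], the rewritten intro deletes the sentence saying the action can "integrate Endor Labs scanning or signing jobs into your CI pipelines", and none of the added lines mention signing. If the action still supports signing jobs, keep a line for that in the new capability list; if it no longer does, note the removal in the commit message so it reads as intentional. The added bullets also introduce SCA, RSPM and SARIF without expanding them, and a README intro is the place to spell each one out on first use.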
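Review bot: In [PATCH 2/2], the subject is "fix awkward phrasing" but only the AI SAST bullet changes, and the context lines of the same hunk still carry two rough spots. "Helps secure:" has no subject, and in the dependencies bullet "prioritizes and fixes without breaking code" has no object, with "Third party" also missing its hyphen as a modifier. Suggest folding those into this patch, for example "Endor Labs helps secure:" and "Third-party dependencies", plus an explicit object after "prioritizes and fixes" stating what is being prioritized and fixed.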