Endor Labs Finding Triage

Project-Agent-trust-merge / library/workflows/endor-finding-triage/README.md

Automates triage of Endor Labs SCA findings by filtering for reachable vulnerabilities, creating Jira tickets for actionable findings, and alerting Slack for critical reachable issues.

Maturity: L3-4 (Enforced to Governed)  ·  See the 5-level maturity model for where this workflow fits in your program.

What It Does

  1. Pulls findings from Endor Labs with reachability analysis data
  2. Filters to only reachable vulnerabilities (eliminating noise from non-reachable CVEs)
  3. Enriches findings with package dependency context (direct vs. transitive)
  4. Creates Jira tickets for reachable critical and high-severity findings
  5. Sends Slack alerts for critical reachable vulnerabilities requiring immediate attention
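The decision logic behind steps 2 to 5, as an added example that is not the workflow's own code: it never calls Endor Labs, Jira or Slack, and the finding fields (`id`, `severity`, `reachable`, `package`, `dependency_type`), the ticket and alert shapes, and the `already_ticketed` de-duplication set are assumptions made for illustration rather than the Endor Labs API schema. The sample findings are constructed. The severity list and the reachable-only toggle are parameters so the same function covers the filter adjustments offered under Customization, and every finding evaluated produces an audit row, including the ones dropped and why. One edge case the step list glosses over is a finding with no reachability verdict at all; this example treats "unknown" as reachable by default so the filter cannot silently hide a finding the analysis never covered.

```python
"""Added example of the triage decision logic; not the workflow's own code.
Field names, ticket/alert shapes and the already_ticketed set are assumptions
for illustration, not the Endor Labs API schema. No external calls are made."""

# Constructed sample findings (placeholder ids and package names, not real CVEs).
# f-5 carries no reachability verdict: the edge case a "reachable only" filter must decide on.
SAMPLE_FINDINGS = [
    {"id": "f-1", "severity": "CRITICAL", "reachable": True,  "package": "pkg-a", "dependency_type": "direct"},
    {"id": "f-2", "severity": "CRITICAL", "reachable": False, "package": "pkg-b", "dependency_type": "transitive"},
    {"id": "f-3", "severity": "HIGH",     "reachable": True,  "package": "pkg-c", "dependency_type": "transitive"},
    {"id": "f-4", "severity": "MEDIUM",   "reachable": True,  "package": "pkg-d", "dependency_type": "direct"},
    {"id": "f-5", "severity": "HIGH",     "reachable": None,  "package": "pkg-e", "dependency_type": "direct"},
]


def reachability_verdict(finding, unknown_is_reachable=True):
    """Return (is_reachable, reason). A missing verdict is not the same as
    'not reachable'; by default it counts as reachable (fail-closed)."""
    verdict = finding.get("reachable")
    if verdict is None:
        return unknown_is_reachable, "no reachability data"
    return bool(verdict), ("reachable" if verdict else "not reachable")


def enrich(finding):
    """Step 3: add dependency context. A direct dependency is fixed by bumping it;
    a transitive one by bumping or overriding the parent that pulls it in."""
    out = dict(finding)
    dep = out.get("dependency_type", "unknown")
    out["dependency_type"] = dep
    out["remediation"] = ("upgrade the direct dependency" if dep == "direct"
                          else "upgrade or override via the parent dependency")
    return out


def build_jira_issue(finding, project_key):
    """Step 4: the payload a Jira issues:create call would carry (assumed shape)."""
    return {
        "project": project_key,
        "finding_id": finding["id"],
        "summary": f"[{finding['severity']}] {finding['package']} ({finding['dependency_type']}) - {finding['id']}",
        "description": f"Reachable vulnerability reported by Endor Labs. Remediation: {finding['remediation']}.",
        "labels": ["endor-labs", "reachable", finding["severity"].lower()],
    }


def build_slack_alert(finding, channel):
    """Step 5: the payload a Slack messages:send call would carry (assumed shape)."""
    return {
        "channel": channel,
        "finding_id": finding["id"],
        "text": f"CRITICAL reachable vulnerability {finding['id']} in {finding['package']}; Jira ticket filed",
    }


def triage(findings, project_key="APPSEC", channel="#appsec-alerts",
           severities=("CRITICAL", "HIGH"), reachable_only=True,
           unknown_is_reachable=True, already_ticketed=frozenset()):
    """Run steps 2-5 over a batch of findings. Returns the tickets and alerts
    that would be sent plus one audit row per finding evaluated."""
    tickets, alerts, audit = [], [], []
    for f in findings:
        reachable, reason = reachability_verdict(f, unknown_is_reachable)
        if f.get("severity") not in severities:
            audit.append({"id": f["id"], "reachability": reason, "decision": "skip: severity below threshold"})
            continue
        if reachable_only and not reachable:
            audit.append({"id": f["id"], "reachability": reason, "decision": "skip: reachability filter"})
            continue
        if f["id"] in already_ticketed:  # the job re-runs on a schedule; do not file duplicates
            audit.append({"id": f["id"], "reachability": reason, "decision": "skip: ticket already exists"})
            continue
        enriched = enrich(f)
        tickets.append(build_jira_issue(enriched, project_key))
        decision = "ticket"
        if enriched["severity"] == "CRITICAL":
            alerts.append(build_slack_alert(enriched, channel))
            decision = "ticket + slack alert"
        audit.append({"id": f["id"], "reachability": reason, "decision": decision})
    return {"tickets": tickets, "alerts": alerts, "audit": audit}


if __name__ == "__main__":
    result = triage(SAMPLE_FINDINGS)
    for row in result["audit"]:
        print(row)
    print(f"{len(result['tickets'])} tickets, {len(result['alerts'])} alerts")
```

With the defaults, f-1 and f-3 are ticketed because they are reachable and at or above HIGH, f-5 is ticketed because its reachability is unknown, f-2 is dropped as not reachable and f-4 as below the severity threshold; only f-1 raises a Slack alert. Passing `unknown_is_reachable=False` drops f-5 as well, which is the trade-off to make deliberately rather than by accident when turning on reachable-only filtering.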

Time Saved

Before: 3 hours/week — developer security team manually reviews Endor Labs dashboard, identifies reachable vulns, cross-references with code, creates Jira tickets.

After: Automated filtering and ticket creation. Team reviews only the reachable, actionable findings.

Connectors

| Connector  | Operations                    | Risk   |
|------------|-------------------------------|--------|
| Endor Labs | findings:read, packages:read  | LOW    |
| Jira       | issues:create                 | MEDIUM |
| Slack      | messages:send                 | LOW    |

Overall Risk: MEDIUM — Jira issues:create creates tickets. No destructive actions.

ARX Governance

  • HITL Gate: Disabled — all operations are reads or non-destructive creates
  • Risk Threshold: 70 — auto-approved below this score
  • Audit Trail: Every finding evaluated, reachability decision, and ticket created is logged
  • Schedule: Every 6 hours (0 */6 * * *)

Setup

Prerequisites

```bash
pip install arx
```

Environment Variables

```bash
export ENDOR_NAMESPACE="your-endor-namespace"
export ENDOR_API_KEY="your-endor-api-key"
export JIRA_URL="https://your-org.atlassian.net"
export JIRA_API_TOKEN="your-jira-api-token"
export JIRA_PROJECT_KEY="APPSEC"
export SLACK_BOT_TOKEN="xoxb-your-slack-bot-token"
export SLACK_CHANNEL="#appsec-alerts"
```

Run

```bash
# One-time execution
arx run workflow.py

# Register on schedule
arx register --config arx.yaml
```

Customization

  • Adjust severity filters (CRITICAL, HIGH, MEDIUM)
  • Toggle reachability-only filtering (default: only reachable vulns get tickets)
  • Configure Jira project key and custom fields
  • Modify Slack channel routing per repository team
  • Adjust the schedule frequency in arx.yaml