Skip to main content
Integrate your email address with Endor Labs and automatically receive policy violations as email notifications.

Configure email integration

To configure an email integration, follow these steps:
  1. Sign in to Endor Labs and select Integrations from the left sidebar.
  2. Navigate to Email under Notifications and click Add.
  3. Click Add Notification Integration.
  4. Specify a name and description for this integration.
  5. Enter email addresses separated by commas in EMAIL ADDRESSES.
  6. Click Add Notification Integration.

Associate an action policy with the email notification

Users can create action policies to send an email notification when the conditions of a given policy are met. For example, if there is a critical or high vulnerability, send an email notification. While creating an action policy, configure the following settings:
  • Select Choose an Action as Send Notification.
  • From SELECT NOTIFICATION TARGETS, choose the email integration notification that you created.
  • Choose an Aggregation type for notifications.
    • Choose None (Notify for each Finding) to trigger a separate email for each finding.
    • Choose Project to group and send all the findings related to a project in one email.
    • Choose Dependency to send individual emails for every dependency.
    • Choose Dependency per package version to send emails for every unique combination of dependency and package version.
  • From Assign Scope, include the project tags in INCLUSIONS to apply this policy to a project.
See Create an action policy for more details.

Customize email notification templates

Endor Labs provides a default template with standard information that will be included in the email. You can use the default template or you can choose to edit and customize this template to fit your organization’s specific requirements. You can also create custom templates using Go Templates.
  1. Sign in to Endor Labs and select Integrations from the left sidebar.
  2. Look for Email under Notifications.
  3. Click Manage to view the list of configured notification integrations.
  4. Choose a notification integration and click the ellipsis on the right side, and click Edit Template.
  5. Make required changes to any of the following templates and click Save Template.
    • Open - This template is used when new notifications are raised.
    • Update - This template is used when an existing notification is updated, such as, when some findings for the notification are changed.
    • Resolve - This template is used when all the findings reported by the notification are resolved.
  6. Click Restore to Default to revert the changes.
  7. Use the download icon on the top right corner to download this template.
  8. Use the copy icon to copy the information in the template.

Data model

To create custom templates for email notifications, you must understand the data supplied to the template. See the EmailData message used for Open and Update templates. See the ResolvedEmailData message used for Resolve template. See the following protobuf specification for the NotificationData message referenced by EmailData. To understand Project, Finding, PackageVersion and RepositoryVersion definitions that are used in this protobuf specification, see: See the following specification to understand a few additional functions available to the template. You can access these functions by using their corresponding keys.

Run a scan

Run the endorctl scan on your configured projects. See endorctl scan commands for more information. You can view email notifications of policy violations in your inbox.