Endor Labs Upgrade Impact Analysis

Find safe dependency upgrades that fix vulnerabilities with minimal risk. Uses pre-computed data from the Endor Labs platform -- no scanning required.

Workflow

Step 1: Find Project UUID

The project UUID is often available from a prior scan. Check .endor/scan-full-results.json or the scan output first.

npx -y endorctl api list --resource Project -n <NAMESPACE> --filter "uuid==\"<PROJECT_UUID>\"" --field-mask="uuid,meta.name" 2>/dev/null

Or use get_resource MCP tool with resource_type: Project and name: {repo_name}.

If not found, inform the user and stop.

Step 2: Get Best Upgrade Recommendations