By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
18px_cookie
e-remove

AI-Supported Environment Debugging for Endor Labs

Testing and installing new security tools is painful. Using generative AI, DroidGPT by Endor Labs makes it easy to troubleshoot and even prevent compatibility errors when installing the platform.

Testing and installing new security tools is painful. Using generative AI, DroidGPT by Endor Labs makes it easy to troubleshoot and even prevent compatibility errors when installing the platform.

Testing and installing new security tools is painful. Using generative AI, DroidGPT by Endor Labs makes it easy to troubleshoot and even prevent compatibility errors when installing the platform.

Written by
A photo of Camilla Odlund — Software Infrastructure and Analytics at Endor Labs.
Camilla Odlund
Published on
January 25, 2024

Testing and installing new security tools is painful. Using generative AI, DroidGPT by Endor Labs makes it easy to troubleshoot and even prevent compatibility errors when installing the platform.

Testing and installing new security tools is painful. Using generative AI, DroidGPT by Endor Labs makes it easy to troubleshoot and even prevent compatibility errors when installing the platform.

You found a new security tool (like Endor Labs) that’s going to change your life…now what?

Testing and deploying the tool is the first step to value, but we know from experience that it can be a nightmare. It’s tricky for security and platform engineering owners to configure the app to the right specifications, including the OS, package manager, and dependencies. And even when you finally get the tool to work, the whole experience probably leaves a bad taste in your mouth. Do any of these experiences sound familiar?

  • Got an error log informing you that a scan failed but with no actionable advice on how to actually resolve the issue? 
  • Countless hours spent trying to decipher cryptic error messages that somehow no one on the internet has ever asked about before, trying more and more random ideas, feeling completely stuck?
  • Finally figured out that you just had the wrong version of some tool and that you’re not an idiot after all and why didn’t it just say so in the first place?! 

Well, we've implemented enough tools in our careers to know we don't want that experience for our customers. We don’t think you should have to be an expert in your company’s app nor should you have to rope in the developers. That’s why we built a generative AI-based feature to make it painless to install Endor Labs.

Painless Endor Labs Installation with DroidGPT

DroidGPT’s new error handling capability enables Endor Labs users to troubleshoot and even prevent compatibility errors when installing the platform. When using this feature you get:

  • Immediate Feedback— Detect compatibility issues promptly with real-time, immediate feedback during scans.
  • AI-Driven Actionable Advice— Resolve issues quickly with precise, actionable, and intelligent guidance that’s based on runtime information. 
  • Self-Serve Scans— Reduce dependency on human intervention so security teams can handle and resolve issues independently, without help from Endor Labs or your dev team.

In this blog, we cover how the tool works and share sample scans demonstrating how it saves time (and headaches).

Causes of Tool Compatibility Issues

Before we get into the details, it’s helpful to understand the four primary reasons why a new software tool might not install successfully:

  • OS requirements— The project or one of its dependencies is incompatible with the OS on the machine that the build is being run on. For example, any project that depends on Py2objc can only be run on macOS and not on Linux/Windows-based machines.
  • OS architecture is incompatible— Packages that were built for macOS ARM architectures aren’t compatible with the Intel architecture and vice versa. For example, if you try to run NumPy binaries optimized for an Intel x86_64 architecture on a system with a different architecture, such as an ARM-based machine (like a Raspberry Pi or Apple’s M1 Mac), you might encounter compatibility issues.
  • Language version— Most languages and their versions are backwards compatible but not forwards compatible. For instance a project that is compiled on Java 17 cannot run in an environment that has Java 11 as default.
  • Transitive dependency incompatibility— The project has dependencies that are incompatible with each other. For example, numpy 1.26.2 and scipy 1.0.0 cannot both be dependencies at the same time.

Further, each development organization also imposes their own unique workflow on their source code repositories. For example, a set-up or patch script may be required to run before the build command. This is a hassle to navigate and debug while installing or evaluating tools that are meant to make your life easier, not harder. 

How DroidGPT Error Handling Works

With DroidGPT error handling, we use generative AI to provide both an explanation and an actionable set of instructions to ensure that the scan will finish successfully on the specific host machine. But how do we get there? 

Phase 1: Check Host Machine Compatibility

Endor Labs starts by checking host machine compatibility with the software to be scanned. If the host-check passes, fantastic! But it’s not unusual to miss something in the host machine setup. Because we collect the host environment information (such as host OS, architecture, and package manager), the DroidGPT feature can interpret the build error, explain the problem in natural language, and provide tailor-made instructions for fixing the error.

Example: Host Check Failure

In this example, Endor Labs detected that there is C# code in the repository to be scanned, which requires either .NET (dotnet) or NuGet (nuget). The host-check failed because neither is installed on the host machine. Because DroidGPT knows the host machine is MacOS ARM64 using brew, it’s able to provide precise instructions of how to install ‘dotnet-sdk 7.0.1’ (or later). A security practitioner (or platform engineer) can simply follow the instructions and then the host-check will pass. No need to research or bother the dev team!

Phase 2: Resolve Dependencies and Calculate Function Reachability

After the host check passes, Endor Labs resolves the source code dependency versions for the project. This is a separate step because it is unique to each project. Even if you know where to look, there is no guarantee that all such dependencies are listed in the manifest file(s), so the average security practitioner or platform engineer often has no idea if something is missing. Endor Labs scans your source code to locate all dependencies, down to the specific version requirements (which is also how we’re able to ensure the SCA scan gives you full visibility). If the build fails because a dependency is missing, DroidGPT comes back in to save the day. As with the host check, DroidGPT identifies exactly what is missing, explains why it’s a problem, and how to remedy the issue.

Example: Java Dependency Check Failure

In this example, the host-check passed (hooray!) but the dependency check failed. Gradle is a common package manager for Java. In this case, Endor Labs discovered that Gradle (‘build.gradle’) is failing because a plug-in (‘io.spring.ge.conventions’ version 0.0.11) is missing. DroidGPT provides two remediation options that let you resolve the problem without asking for help or conducting further research.

AI Privacy, Security, and Quality

Any AI-related solution always leads to the question: “What data are you looking at and where does it go?” This is a valid concern regarding all AI-based tooling. In the case of DroidGPT, we don’t use the public ChatGPT instance. Instead, we use a private Azure AI instance of GPT, only in chat dialogue mode, thereby not leaking any information with our query. Further, we only share the host OS, architecture, and package manager along with the unwrapped error log.

The most important factor in creating a useful AI integration is prompt engineering. As anyone who’s played with ChatGPT knows, giving a vague prompt (garbage in) will guarantee poor outputs (garbage out). For DroidGPT, we carefully crafted prompts to ensure clarity, brevity, and specificity. Adding the prompt preamble on the server side allows us to prevent any unauthorized or unexpected use.

Get Started with DroidGPT Error Handling

With the introduction of DroidGPT error handling, we’re taking a significant step forward in simplifying the process of evaluating and integrating Endor Labs in the CI/CD pipeline. This opt-in feature is automatically available to current customers - try it out and experience the future of OSS security!

The Challenge

The Solution

The Impact

Get new posts in your inbox.

Get new posts in your inbox.

Get new posts in your inbox.

Welcome to the resistance
Oops! Something went wrong while submitting the form.

Get new posts in your inbox.

Get new posts in your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get new posts in your inbox.