Endor Labs Pre-PR Security Review

Comprehensive security review of changes before creating a pull request.

Workflow

Step 1: Gather Changes and Run PR Scan

git diff --name-only HEAD          # Changed files (staged + unstaged)
git diff HEAD                      # Full diff
git diff main...HEAD --name-only   # Branch comparison

Categorize changed files into: dependency manifests, source code, config files, CI/CD files.

Run incremental PR scan using scan MCP tool:

• path: absolute path to repo root
• scan_types: ["vulnerabilities", "dependencies", "sast", "secrets"]