Search Results
Learn about software supply chain security and Endor Labs
5 Types of Reachability Analysis (and Which is Right for You)
Explore the five key categories of reachability and their practical applications in AppSec and development. Learn the differences between SCA and container scanning, and understand how various tools like Function-Level Reachability, Package Baselining, and Internet Reachability play crucial roles in identifying and prioritizing security risks.
How CycloneDX VEX Makes Your SBOM Useful
Explore the challenges of modern vulnerability management and the efficiency of the Vulnerability Exploitability eXchange (VEX) in our latest blog post. Learn how VEX helps identify and communicate the true exploitability of vulnerabilities, streamlining cybersecurity efforts in the face of overwhelming scanner findings.
5 Federal Software Supply Chain Requirements You Should Be Aware Of
If you’ve been watching the software supply chain security space evolve, you likely know that a lot of the momentum and effort is coming out of the U.S. Federal government. This may seem surprising at first, but it shouldn’t be, when you account for the fact that the Federal government is one of the single largest procurers of technology and software in the world.
Dependency Resolution in Python: Beware The Phantom Dependency
Phantom dependencies are dependencies used by your code that are not declared in the manifest. If you miss them, they can sneak reachable risks into your application, lead to false positives, or inaccurate SBOMs. All very spooky. This article breaks down how phantom dependencies happen, and how to catch them.
Endor Labs Named 2023 SINET16 Innovator Award Winner
SINET, an organization with the mission to accelerate Cybersecurity innovation through public-private partnerships, announced today that Endor Labs is one of the winners of its annual SINET16 Innovator Award. Endor Labs and 15 other emerging companies are identified as the most innovative and compelling technologies in their fields to address Cybersecurity threats and vulnerabilities.
The Open Source Security Index Top 5
What’s the best of the best when it comes to open source security tools?We’ve previously talked about the OpenSSF Scorecard, which gives developers a high-level snapshot of the security of any given open source project. But in this post, we’ll talk about a related project, the Open Source Security Index (OSSI), which does something slightly different and complementary.
Faster SCA with Endor Labs and npm Workspaces
As projects grow larger and more complex, developers face challenges in maintaining a clean and efficient development workflow. Fortunately, npm workspaces offer an essential solution to streamline JavaScript development. In this blog post, we will explore the concept of npm/yarn workspaces, its importance, and how Endor Labs works with them.
How Should I Prioritize Software Vulnerabilities?
CVSS, KEV, SVCC, EPSS, and reachability analysis are 5 method used to prioritize open source vulnerabilities for remediation. Do you need all 5? Which is the best? It turns out a combination of factors (and a tool that can bring it all together) is the best solution.
Endor Labs’ ‘State of Dependency Management 2023’ Report Offers Insight on Explosive Popularity of AI and LLMs—and How They Impact Application Security
The State of Dependency Management 2023 reports on the latest research on dependency management and how AI is impacting the application security landscape.
Endor Labs Recognized as a Cool Vendor in the 2023 Gartner® Cool Vendors™ in Platform Engineering for Scaling Application Security Practices
Endor Labs is committed to providing cutting-edge solutions that address the challenges faced by platform engineering and DevSecOps teams in meeting application security needs.
Reviewing Malware with LLMs: OpenAI vs. Vertex AI
At Endor Labs, we continue evaluating the use of large language models (LLMs) for all kinds of use-cases related to application security. And we continue to be amazed about high-quality responses … until we’re amused about the next laughably wrong answer.
Make Developers' Lives Easier with Endor Labs & GitHub Advanced Security
Developers are bombarded with information every day. Constant context switching and information overload are among the biggest barriers to productivity. There are simply too many demands for their attention. One day the sales team will understand. Right?
Endor Labs partners with Zinfinity to help enterprise safely adopt Open Source Software
We’re excited to announce our latest partnership with Zinfinity as a strategic partner. Zinfinity is a global provider of technology solutions and services with a focus on Cyber Security, Cloud and Digital Infrastructure.
Open Source Licensing Simplified: A Comparative Overview of Popular Licenses
Explore the different types of open source licenses and how they impact the use, modification, and distribution of open source software. From GPL to Apache, MIT and more, learn the key differences between permissive and restrictive licenses and how to choose the right one for your project.
Endor Labs Launches with $25M Seed Financing to Tackle Massive Sprawl of Open Source Software (OSS)
Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
Get a Free Trial
Protect your open source dependencies, secrets, and CI/CD pipelines without slowing down devs.
Try the Endor Labs Software Supply Chain Security platform for 30 days.