Endor Labs is SOC 2 Type II Certified!

Proving once again open source governance doesn’t have to SOC, yes I made that joke again and I’m not sorry. We’re excited to announce we have received a clean audit result on our SOC2 Type II certification.

Ron Harnik
Ron Harnik

We are excited to announce that Endor Labs has successfully completed a System and Organization Controls (SOC) 2 Type II audit! 

Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the trust services criteria categories covering security, availability, processing integrity, confidentiality and privacy. A SOC 2 Type II report describes a service organization's systems and whether the design of specified controls meets the relevant trust services categories, and assesses the effectiveness of those controls over a specified period of time. 

Endor Labs’ SOC 2 Type II report did not have any noted exceptions and therefore was issued with a “clean” audit opinion from SSF.

Endor Labs helps security and engineering teams safely scale the use of open source software and prioritize risk across development and CI/CD pipelines:

Open Source Governance - According to GitHub, 90% of code in modern applications is open source. This accounts for the largest blind spot in the software supply chain. 95% of vulnerabilities are found in transitive dependencies - the software packages automatically brought in by the open source software developers select. Endor Labs helps development and security teams manage the entire open source lifecycle, from the selection of safer and more sustainable dependencies to the prioritization of reachable vulnerabilities with program analysis. Endor Labs goes beyond known vulnerabilities and cuts down 80% of noise compared to traditional SCA tools, surfacing the security and operational risk that is actually impactful to the application. 

CI/CD Governance - Once code enters the build pipeline, the security of the code pipelines themselves is paramount. Endor Labs helps developers and security teams manage everything that has access to source code, from developer accounts, code repositories, 3rd party apps, and secrets. 

Compliance - With Endor Labs, security teams can generate and manage accurate SBOM and VEX documents, as well as manage open source licenses and ensure CI/CD pipelines are compliant with CIS benchmarks, all in one place. 

Want to see Endor Labs in action? Check out our demo library!