Endor Labs is SOC2 Certified!

Open Source security doesn't have to SOC (sorry, I had to). We're excited to announce we have received a clean audit result on our SOC2 Type 1 certification.

Ron Harnik

We are proud to announce that Endor Labs has successfully completed a System and Organization Controls (SOC) 2 Type I audit. 

The SOC 2 information security standard, developed by the American Institute of Certified Public Accountants (AICPA), evaluates the security, availability, processing integrity, confidentiality, and privacy controls relevant to customer data. A SOC 2 Type I report examines the design of a service organization's controls and confirms that they meet the required trust services criteria.

We are pleased to announce that our SOC 2 Type I report did not have any exceptions and was issued with a "clean" audit result. This demonstrates our commitment to maintaining the highest standards of information security and data protection.

At Endor Labs, we understand the importance of protecting our customers' sensitive information and are dedicated to providing the highest level of security. The successful completion of this SOC 2 Type I audit confirms our commitment to security and privacy, and we will continue to take the necessary steps to ensure that our systems, processes, and people are secure.

Endor Labs helps security and engineering teams safely scale the use of open source software in the enterprise by focusing on the four main stages of the dependency management lifecycle:

  • Select better dependencies - Evaluate open source software on popularity, supportability and quality metrics as well as security metrics such as CVEs, malware, and risky APIs. Enforce governance policies that help developers select safer, more sustainable open source packages. 
  • Secure the supply chain - Once OSS packages are in your codebase, use static analysis and call graphs to prioritize vulnerabilities that are actually reachable, continuously monitor dependencies for security and operational risk, and detect next-gen attacks like typosquatting.
  • Maintain & optimize - Consolidate versions and detect unmaintained or unused dependencies. Reducing the overall number of dependencies improves build times and reduces the supply chain attack surface.
  • Comply with emerging standards - Create, store, and analyze 1st and 3rd party SBOMs in one place, and generate automatic Vulnerability and Exploitability eXchange (VEX) documents.

Want to see Endor Labs in action? Check out our demo library