Blog

Our third-annual Dependency Management Report explores how emerging trends in open source security should guide SDLC security strategy in 2024.

Wondering how to build or revamp a DevSecOps program? Get some immediately useful tips that you can apply to your startup or mature enterprise…or anywhere in between.

Learn what CI/CD security is, why it’s important, and discover the key tools Endor Labs offers to help you secure your CI/CD pipelines.

Endor Labs provides comprehensive CI/CD security for GitHub action workflows that detect patterns that may indicate PWN request threats.

Endor Labs’ newest capabilities help you reduce the research required to understand the impact of dependency upgrades and Endor Magic Patches help you stay safe without changing versions.

Endor Labs is now available on Azure Marketplace!

Endor Labs provides several filters to help you prioritize which risks to address first, resulting in an average 92% noise reduction.

Use Endor Labs to get accurate dependency inventories and complete vulnerability data sources.

Discover the 48 most popular open-source npm tools, complete with Endor Scores, to help you choose the best dependencies for your projects based on security, activity, popularity, and code quality.

Compare Endor Labs and Snyk GitHub Apps.

Use artifact signing, a feature of Endor Labs, to support build provenance requirements for SLSA.

Upgrade Impact Analysis shows you what breaking changes a fix could cause. Endor Patches are trusted patches you can use when upgrades are too painful.

Software composition analysis (SCA) tools can take a static or dynamic approach. Learn the pros and cons of each option and see how the results differ.

Explore the top 33 open source tools for Maven, scored by Endor Labs on security, activity, popularity, and code quality.

Learn how Jellyfish’s security team uses a data-driven approach to risk management and the role SCA plays in their strategy.

Endor Labs, a leader in software supply chain security, today announced a strategic investment from Citi Ventures.

Endor Labs is named to Inc.’s annual Best Workplaces list for 2024.

Three CocoaPods CVEs raise serious security concerns for consumers of Swift and Objective-C libraries used for macOS and iOS mobile development.

When choosing an SCA tool, you’ll need to understand how the tool generates an inventory, correlates to risks, helps you prioritize results, and integrates into your toolchain.

The Endor Labs plugins for Backstage create an application security experience that doesn’t require developers to leave Backstage.

We’re excited to announce that Endor Labs now extends our software supply chain platform to include container scanning.

Company Recognized for Creating Secure Supply Chains that Improve Application Development Productivity

How can you tell if an OSS package is “good” or “bad”? A rigorous evaluation model, such as the Endor Score, can help developers make quick and informed decisions.

95% of vulnerabilities are found in transitive dependencies. Learn how they’re unique from direct dependencies and how to incorporate them into your risk management program.