Blog

GitHub Actions are open source dependencies - secure them accordingly! Learn how to effectively manage the security risks associated with GitHub Actions with a proactive approach focusing on three key areas: visibility, hardening, and dependency management.

Learn how your organization can achieve DORA compliance for managing open source software vulnerabilities with reachability-based SCA, SBOMs, and more.

Learn about the mobile application threat landscape and how you can protect mobile apps from security and legal risk associated with open source software with Endor Labs Open Source.

Known vulnerabilities are a well-understood software risk…but managing and prioritizing them is anything but simple. Learn about key considerations when building a program to detect and remediate CVEs.

A low-code/no code artifact signing solution makes it easy to implement an enterprise solution for verifying authenticity of software artifacts and tracing their origins.

Learn how your organization can achieve PCI DSS v4 compliance for managing open source software vulnerabilities with reachability-based SCA and more.

Source code repository misconfigurations can expose your organization to supply chain attacks. Repository Security Posture Management (RSPM) can offer a reliable system to enforce best practices.

Control which images get deployed in Kubernetes by configuring an admission controller to admit only those which have been signed by Endor Labs.

What happens when an AppSec professional attends a Java conference? Great conversations on productivity, tool pain, AI/ML, and vulnerability management.

While it’s improbable to prevent all exposure to supply chain risks, organizations can absolutely focus on a strategy to reduce the probability of successful attacks and reduce the time it takes them to respond to such threats.

The xz backdoor shines a light on everything we're doing wrong in software supply chain security. Get an overview of the incident, what we can learn from it, and what we can do about it.

Learn ways to comply with SSDF requirements for secure environments, trusted source code supply chains, code and artifact provenance, and vulnerabilities.

Learn how to establish automated CI/CD controls to reveal what’s running in your pipelines and which configs don’t align with risk and compliance requirements.

Learn about the pros and cons of maintaining current dependencies, backed by a TU Delft study on 262 Java projects on Github

Code Signing and other Artifact Signing enable application provenance to enhance admission control, incident response, and other essential capabilities.

Learn about emerging malicious code trends, including typosquatting and dependency confusion attacks, and two techniques for detecting malware in your applications.

Tom Gleason is a security enthusiast with a knack for building and leading technically-focused customer teams. Formerly at Snyk, Akamai, and Palo Alto Networks, Tom joins Endor Labs to lead Customer Solutions.

Endor Labs CI/CD helps organizations secure their pipelines through pipeline discovery, repository security posture management, and build integrity verification (artifact signing).

Testing and installing new security tools is painful. Using generative AI, DroidGPT by Endor Labs makes it easy to troubleshoot and even prevent compatibility errors when installing the platform.

Endor Labs’ reachability-based SCA now supports Bazel so you can get fully accurate results without any of the messy workarounds usually required for monorepos.

Explore the five key categories of reachability and their practical applications in AppSec and development. Learn the differences between SCA and container scanning, and understand how various tools like Function-Level Reachability, Package Baselining, and Internet Reachability play crucial roles in identifying and prioritizing security risks.

Learn best practices for a proper software identification ecosystem that supports asset inventory, version control, vulnerability management, incident response, and more.

Discover the critical details of CVE-2023-50164, a severe vulnerability in Apache Struts.

Endor Labs’ JavaScript SCA capabilities cut down noise with a program analysis approach that outperforms manifest scanning SCA tools like Snyk, Veracode, and BlackDuck.