Blog

Nx supply chain attack: malicious npm versions of Nx exfiltrated SSH keys and tokens to GitHub—abusing AI code assistants. Learn how to detect and fix.

Endor Labs improves C/C++ SCA by combining cryptographic hashing, code embeddings, and a curated index for accurate dependency and vulnerability detection.

Kudelski Security uncovered an RCE flaw in CodeRabbit exposing 1M+ repos. Here’s what happened, how it was fixed, and key lessons for secure AI apps.

Unvetted AI models and services are entering your codebase. Do you have a plan to find and govern them?

Greg Pettengill, a Principal Product Security Engineer at Five9, is an early adopter of startup technology. In this article he shares his methodology for picking vendors that can deliver on promises.

Endor Labs now detects end-of-life (EOL) software in containers, helping AppSec teams eliminate risk early.

Learn about the most common and emerging security risks of AI-generated code, from injection flaws to hallucinated dependencies.

Developers are generating more code with AI coding assistants, but release velocity isn’t increasing. Here’s how to fix it.

Learn how to detect prompt injection vulnerabilities in GenAI applications and prevent attackers from exploiting LLM-powered workflows.

LLMs often recommend outdated or vulnerable open source packages—here’s why it happens, why it matters, and how AppSec and DevOps leaders can stay ahead.

How CWE-specific prompts cut LLM code vulnerabilities by more than half.

Secure AI-generated code at the source with a new integration for GitHub Copilot powered by the Endor Labs platform.

A CISO’s guide to analyzing and containing the security costs of AI-generated code

Endor Labs is now available on the Google Cloud Marketplace, enabling faster procurement and deployment of software supply chain security for GCP customers and partners.

Learn how to detect misconfigurations in Infrastructure as Code (IaC) files, preventing privilege escalation and unsafe defaults before they reach production.

Secure AI-generated code at the source with a new Cursor integration powered by the Endor Labs platform.

How a multi-step prompt technique can reduce vulnerabilities in AI-generated code

A step-by-step guide to testing Endor Labs SCA accuracy for C/C++ projects

CVE-2025-54313 tracks a supply chain attack on eslint-config-prettier, where four malicious versions of a popular npm library targeted Windows machines with a remote-code execution payload. Learn how it happened and how to stay safe.

The new FedRAMP RFC shifts the standard to require deep context into the reachability and exploitability of vulnerabilities. Here’s what you need to know.

A practical guide to embedding security requirements into AI coding workflows

Endor Outpost extends the full capabilities of the Endor Labs AppSec platform to Self-Hosted SCMs like Bitbucket Datacenter and GitLab Self-Managed.

Endor Labs and Oligo keep pipelines fast and secure with unified reachability, real-time threat blocking, and safe, automatic fixes.

Fixing Java deserialization vulnerabilities in Spring-Web is notoriously difficult, but Endor Labs offers an alternative with patches.

AI coding assistants make writing code a breeze, but they also contain security flaws. This free prompt library helps reduce vulnerabilities at the source, with more secure prompting practices and examples tailored to real-world use cases.