Blog

The Cyber Resilience Act (CRA) sets mandatory security requirements for hardware and software. This blog covers key compliance objectives, challenges with OSS vulnerabilities, and best practices for maintaining security throughout the product life cycle.

You can now use Endor Labs to evaluate AI models on HuggingFace for security, popularity, quality, and activity.

The U.S. Federal government's FY 2026 Cybersecurity Priorities focus on securing open source software, improving governance, and supporting OSS sustainability to strengthen the software supply chain.

Understand what LLMs are, how foundational LLMs are built, the opportunities they offer and the risks they pose.

Container layer analysis tells you which layer contains a vulnerability so you can prioritize remediation efforts more effectively and meet SLAs like FedRAMP.

Endor Labs reduces open-source vulnerability noise by 92%, boosting productivity and improving collaboration between development and security teams.

We're thrilled to have Karl Mattson as Endor Labs first Chief Information Security Officer (CISO)!

Get key insights from the 2024 Dependency Management webinar with Darren Meyer and Henrik Plate. We discuss how to prioritize vulnerabilities, navigate breaking changes, and leverage public vulnerability databases effectively.

Relativity changed their security program from a blocker to an enabler by integrating security into developer workflows and empowering developers to prevent risks before they ship to production.

Discover the top open-source tools for Python applications, ranked by Endor Scores based on security, activity, popularity, and code quality.

This blog covers key steps to simplify FedRAMP vulnerability management, helping you reduce risks and meet compliance timelines. It also provides practical tips to empower developers and streamline fixes for a smoother FedRAMP process.

Automatically patch open source libraries with Endor Patches during the build process, ensuring software is continuously protected against vulnerabilities without manual intervention.

Our third-annual Dependency Management Report explores how emerging trends in open source security should guide SDLC security strategy in 2024.

Wondering how to build or revamp a DevSecOps program? Get some immediately useful tips that you can apply to your startup or mature enterprise…or anywhere in between.

Learn what CI/CD security is, why it’s important, and discover the key tools Endor Labs offers to help you secure your CI/CD pipelines.

Endor Labs provides comprehensive CI/CD security for GitHub action workflows that detect patterns that may indicate PWN request threats.

Endor Labs’ newest capabilities help you reduce the research required to understand the impact of dependency upgrades and Endor Magic Patches help you stay safe without changing versions.

Endor Labs is now available on Azure Marketplace!

Endor Labs provides several filters to help you prioritize which risks to address first, resulting in an average 92% noise reduction.

Use Endor Labs to get accurate dependency inventories and complete vulnerability data sources.

Discover the 48 most popular open-source npm tools, complete with Endor Scores, to help you choose the best dependencies for your projects based on security, activity, popularity, and code quality.

Compare Endor Labs and Snyk GitHub Apps.

Use artifact signing, a feature of Endor Labs, to support build provenance requirements for SLSA.

Upgrade Impact Analysis shows you what breaking changes a fix could cause. Endor Patches are trusted patches you can use when upgrades are too painful.