Blog

Upgrade Impact Analysis shows you what breaking changes a fix could cause. Endor Patches are trusted patches you can use when upgrades are too painful.

Software composition analysis (SCA) tools can take a static or dynamic approach. Learn the pros and cons of each option and see how the results differ.

Explore the top 33 open source tools for Maven, scored by Endor Labs on security, activity, popularity, and code quality.

Learn how Jellyfish’s security team uses a data-driven approach to risk management and the role SCA plays in their strategy.

Endor Labs, a leader in software supply chain security, today announced a strategic investment from Citi Ventures.

Endor Labs is named to Inc.’s annual Best Workplaces list for 2024.

Three CocoaPods CVEs raise serious security concerns for consumers of Swift and Objective-C libraries used for macOS and iOS mobile development.

When choosing an SCA tool, you’ll need to understand how the tool generates an inventory, correlates to risks, helps you prioritize results, and integrates into your toolchain.

The Endor Labs plugins for Backstage create an application security experience that doesn’t require developers to leave Backstage.

We’re excited to announce that Endor Labs now extends our software supply chain platform to include container scanning.

Company Recognized for Creating Secure Supply Chains that Improve Application Development Productivity

How can you tell if an OSS package is “good” or “bad”? A rigorous evaluation model, such as the Endor Score, can help developers make quick and informed decisions.

95% of vulnerabilities are found in transitive dependencies. Learn how they’re unique from direct dependencies and how to incorporate them into your risk management program.

GitHub Actions are open source dependencies - secure them accordingly! Learn how to effectively manage the security risks associated with GitHub Actions with a proactive approach focusing on three key areas: visibility, hardening, and dependency management.

Learn how your organization can achieve DORA compliance for managing open source software vulnerabilities with reachability-based SCA, SBOMs, and more.

Learn about the mobile application threat landscape and how you can protect mobile apps from security and legal risk associated with open source software with Endor Labs Open Source.

Known vulnerabilities are a well-understood software risk…but managing and prioritizing them is anything but simple. Learn about key considerations when building a program to detect and remediate CVEs.

A low-code/no code artifact signing solution makes it easy to implement an enterprise solution for verifying authenticity of software artifacts and tracing their origins.

Learn how your organization can achieve PCI DSS v4 compliance for managing open source software vulnerabilities with reachability-based SCA and more.

Source code repository misconfigurations can expose your organization to supply chain attacks. Repository Security Posture Management (RSPM) can offer a reliable system to enforce best practices.

Control which images get deployed in Kubernetes by configuring an admission controller to admit only those which have been signed by Endor Labs.

What happens when an AppSec professional attends a Java conference? Great conversations on productivity, tool pain, AI/ML, and vulnerability management.

While it’s improbable to prevent all exposure to supply chain risks, organizations can absolutely focus on a strategy to reduce the probability of successful attacks and reduce the time it takes them to respond to such threats.

The xz backdoor shines a light on everything we're doing wrong in software supply chain security. Get an overview of the incident, what we can learn from it, and what we can do about it.