Blog

How the UK Software Security Code of Practice reshapes supply chain security—and how Endor Labs helps vendors meet its core requirements.

Information on the likelihood and impact of CVE-2025-47949

Critical CVE-2025-4641 in WebDriverManager likely poses low real-world risk, but it should still be on radar. Here’s what you need to know, plus quick steps to check versions, upgrade, and secure CI pipelines.

Learn how Endor Labs cuts through security noise, stops unnecessary build breaks, and keeps developers focused on real risks—making security policy automation truly developer-friendly.

Upgrading dependencies in a Bazel monorepo? Learn 5 tips to avoid breakages, reduce risk, and keep your team (and builds) running smoothly.

Most security policies create more problems than they solve, overwhelming developers with noise and unnecessary build breaks. Here's what a better approach looks like.

A look at the easyjson controversy, open source provenance, and how Go's built-in protections help teams manage risk without overreacting.

Endor Labs raised a $93M Series B to accelerate its mission of securing the AI-driven software era. Learn why top investors preempted the round—and how Endor is redefining AppSec for modern development.

Endor Labs MCP Server powers real security fixes for vibe coding and AI-generated code—reduce noise and help AI tools fix risks for you.

Endor Labs helps application security teams identify the few code changes that impact their security architecture across thousands of pull requests.

The era of vibe coding is here. Learn how Endor Labs is helping AppSec teams secure and fix AI-generated code with a new agentic AI platform.

Endor Labs advisory: Critical CVE-2025-30065 in Apache Parquet lets attackers run code via schema parsing. Patch now by upgrading to version 1.15.1.

Learn how Endor Labs improves AppSec accuracy with better SCA and SAST, so you can decide if ASPM is the right fit for your organization.

OWASP OSS Risk 2: Explore the compromise of legitimate open-source packages, with an in-depth case study of the tj-actions/changed-files GitHub Action supply chain attack.

Analysis of the tj-actions/changed-files GitHub Actions compromise, assessing the impact and damage from the attack.

Cyber Essentials helps UK businesses guard against internet-based attacks and prove their security measures are truly effective.

GitHub Action tj-actions/changed-files was compromised, exposing CI/CD secrets. Learn how this attack impacts repositories and what steps to take now.

Learn when application security posture management (ASPM) solutions work, their limitations, and alternatives for cutting through security alert noise.

Endor Patches are backported open-source security fixes. Learn how we build and test Endor Patches for compatibility and security.

Each stage of the application security maturity staircase evolves your program—and Endor Labs is your escalator to the top.

Improve your mean time to remediation (MTTR) with smarter automatic pull requests that use upgrade impact analysis to reduce alert fatigue for developers.

Learn how to evaluate security risk factors for DeepSeek R1, and about important considerations for working with open source AI models.

Use Endor Labs to discover, evaluate, and enforce policies governing the usage of open source AI models from Hugging Face in your applications.

CVE-2024-53677 and CVE-2023-50164 are vulnerabilities in Apache Struts that could pave the way for remote code execution, or RCE. Learn how to figure out if you’re affected, and if so what to do about it

Opengrep is a fork of Semgrep's open source static code analysis engine. Learn about the benefits and how you can contribute.