Blog

Endor Labs is named to Inc.’s annual Best Workplaces list for 2024.

Three CocoaPods CVEs raise serious security concerns for consumers of Swift and Objective-C libraries used for macOS and iOS mobile development.

When choosing an SCA tool, you’ll need to understand how the tool generates an inventory, correlates to risks, helps you prioritize results, and integrates into your toolchain.

The Endor Labs plugins for Backstage create an application security experience that doesn’t require developers to leave Backstage.

We’re excited to announce that Endor Labs now extends our software supply chain platform to include container scanning.

Company Recognized for Creating Secure Supply Chains that Improve Application Development Productivity

How can you tell if an OSS package is “good” or “bad”? A rigorous evaluation model, such as the Endor Score, can help developers make quick and informed decisions.

95% of vulnerabilities are found in transitive dependencies. Learn how they’re unique from direct dependencies and how to incorporate them into your risk management program.

GitHub Actions are open source dependencies - secure them accordingly! Learn how to effectively manage the security risks associated with GitHub Actions with a proactive approach focusing on three key areas: visibility, hardening, and dependency management.

Learn how your organization can achieve DORA compliance for managing open source software vulnerabilities with reachability-based SCA, SBOMs, and more.

Learn about the mobile application threat landscape and how you can protect mobile apps from security and legal risk associated with open source software with Endor Labs Open Source.

Known vulnerabilities are a well-understood software risk…but managing and prioritizing them is anything but simple. Learn about key considerations when building a program to detect and remediate CVEs.

A low-code/no code artifact signing solution makes it easy to implement an enterprise solution for verifying authenticity of software artifacts and tracing their origins.

Learn how your organization can achieve PCI DSS v4 compliance for managing open source software vulnerabilities with reachability-based SCA and more.

Source code repository misconfigurations can expose your organization to supply chain attacks. Repository Security Posture Management (RSPM) can offer a reliable system to enforce best practices.

Control which images get deployed in Kubernetes by configuring an admission controller to admit only those which have been signed by Endor Labs.

What happens when an AppSec professional attends a Java conference? Great conversations on productivity, tool pain, AI/ML, and vulnerability management.

While it’s improbable to prevent all exposure to supply chain risks, organizations can absolutely focus on a strategy to reduce the probability of successful attacks and reduce the time it takes them to respond to such threats.

The xz backdoor shines a light on everything we're doing wrong in software supply chain security. Get an overview of the incident, what we can learn from it, and what we can do about it.

Learn ways to comply with SSDF requirements for secure environments, trusted source code supply chains, code and artifact provenance, and vulnerabilities.

Learn how to establish automated CI/CD controls to reveal what’s running in your pipelines and which configs don’t align with risk and compliance requirements.

Learn about the pros and cons of maintaining current dependencies, backed by a TU Delft study on 262 Java projects on Github

Code Signing and other Artifact Signing enable application provenance to enhance admission control, incident response, and other essential capabilities.

Learn about emerging malicious code trends, including typosquatting and dependency confusion attacks, and two techniques for detecting malware in your applications.