Blog

Vulnerability metrics can help you uncover remediation and SLA trends, and demonstrate the value of AppSec investments to your leadership.

False positives can make FedRAMP ConMon costly. Learn why it’s hard to accurately identify false positives and some tactics for making this process less challenging.

Learn how Endor Labs targets the critical dependencies that are responsible for most of the open source vulnerabilities in the software supply chain.

JavaScript reachability is tricky for SCA tools because of how JavaScript approaches dependency resolution, dependency imports, and functions.

Grip Security values strong application security because it helps them build trust with their customers. Learn how a security company approaches AppSec.

Learn where common industry sayings such as “stay up to date” come from and how you can help Endor Labs help you overcome those challenges.

Learn why OVAL feeds, curated by Linux distributions, offer more precise vulnerability data than the NVD, reducing container scanning false positives and wasted efforts.

Breaking Changes, Breaking Trust

Vulnerability Management for FedRAMP compliance is expensive; your SCA tool should help you make it cheaper and easier.

Integrate Microsoft Defender for Cloud with Endor Labs for reachability analysis and attack path visibility — available natively within the Defender for Cloud console. Prioritize what to fix without switching tools.

Understand how models are factored and scored at Endor Labs, new exploration tab for HuggingFace models

Endor Labs now integrates Static Application Security Testing (SAST) into your application security testing stack.

The Cyber Resilience Act (CRA) sets mandatory security requirements for hardware and software. This blog covers key compliance objectives, challenges with OSS vulnerabilities, and best practices for maintaining security throughout the product life cycle.

You can now use Endor Labs to evaluate AI models on HuggingFace for security, popularity, quality, and activity.

The U.S. Federal government's FY 2026 Cybersecurity Priorities focus on securing open source software, improving governance, and supporting OSS sustainability to strengthen the software supply chain.

Understand what LLMs are, how foundational LLMs are built, the opportunities they offer and the risks they pose.

Container layer analysis tells you which layer contains a vulnerability so you can prioritize remediation efforts more effectively and meet SLAs like FedRAMP.

Endor Labs reduces open-source vulnerability noise by 92%, boosting productivity and improving collaboration between development and security teams.

We're thrilled to have Karl Mattson as Endor Labs first Chief Information Security Officer (CISO)!

Get key insights from the 2024 Dependency Management webinar with Darren Meyer and Henrik Plate. We discuss how to prioritize vulnerabilities, navigate breaking changes, and leverage public vulnerability databases effectively.

Relativity changed their security program from a blocker to an enabler by integrating security into developer workflows and empowering developers to prevent risks before they ship to production.

Discover the top open-source tools for Python applications, ranked by Endor Scores based on security, activity, popularity, and code quality.

This blog covers key steps to simplify FedRAMP vulnerability management, helping you reduce risks and meet compliance timelines. It also provides practical tips to empower developers and streamline fixes for a smoother FedRAMP process.

Automatically patch open source libraries with Endor Patches during the build process, ensuring software is continuously protected against vulnerabilities without manual intervention.