Blog

A breakdown of why your SCA results are always so full of false positives (and sometimes false negatives), and why treating source code as a first class citizen can lead us to the solution.

SINET, an organization with the mission to accelerate Cybersecurity innovation through public-private partnerships, announced today that Endor Labs is one of the winners of its annual SINET16 Innovator Award. Endor Labs and 15 other emerging companies are identified as the most innovative and compelling technologies in their fields to address Cybersecurity threats and vulnerabilities.

Exploit Prediction Scoring Systems (EPSS) is a data set that helps you understand the likelihood that a CVE will be exploited. Learn what the EPSS includes and how to use it to prioritize vulnerability remediation.

Announcing new language support for Endor Labs Open Source

What’s the best of the best when it comes to open source security tools?We’ve previously talked about the OpenSSF Scorecard, which gives developers a high-level snapshot of the security of any given open source project. But in this post, we’ll talk about a related project, the Open Source Security Index (OSSI), which does something slightly different and complementary.

As projects grow larger and more complex, developers face challenges in maintaining a clean and efficient development workflow. Fortunately, npm workspaces offer an essential solution to streamline JavaScript development. In this blog post, we will explore the concept of npm/yarn workspaces, its importance, and how Endor Labs works with them.

All the questions (and some of the answers) you need before kicking off your SBOM program.

Endor Labs integrates with GitHub Advanced Security to enable developers to easily view and remediate SCA alerts without ever needing to leave GitHub.

Endor Labs raises a total of $70M to achieve application security without the developer productivity tax. Here's what we're doing, and where we're going.

CVSS, KEV, SVCC, EPSS, and reachability analysis are 5 method used to prioritize open source vulnerabilities for remediation. Do you need all 5? Which is the best? It turns out a combination of factors (and a tool that can bring it all together) is the best solution.

The Station 9 research team discovered malicious code that was divided and distributed across different packages, remaining obfuscated for months while getting nearly 2000 downloads.

The State of Dependency Management 2023 reports on the latest research on dependency management and how AI is impacting the application security landscape.

Endor Labs is committed to providing cutting-edge solutions that address the challenges faced by platform engineering and DevSecOps teams in meeting application security needs.

A call graph is a visualization of invocation of vulnerable open source methods by a given client. Learn how to use call graphs to understand relevancy and impact of vulnerabilities.

Like anything in computer science and programming, there’s more than one way to solve a problem or get a result. SCA (software composition analysis) is no different.

Learn how packages.lock.json can help maintain a secure .NET development and why it should be part of your development workflow.

Proving once again open source governance doesn’t have to SOC, yes I made that joke again and I’m not sorry. We’re excited to announce we have received a clean audit result on our SOC2 Type II certification.

At Endor Labs, we continue evaluating the use of large language models (LLMs) for all kinds of use-cases related to application security. And we continue to be amazed about high-quality responses … until we’re amused about the next laughably wrong answer.

We've been named a winner of the 2023 Intellyx Digital Innovator Award, recognizing technology providers driving enterprise digital transformation. Learn more.

I mean, who wouldn't want to work with a bunch of Ewoks?

Developers are bombarded with information every day. Constant context switching and information overload are among the biggest barriers to productivity. There are simply too many demands for their attention. One day the sales team will understand. Right?

Experiments with GPT-3.5 suggest that LLM-based malware reviews can complement, but not yet substitute human reviews. 1800 binary classifications performed with GPT-3.5 included false-positives and false-negatives.

Endor Labs recognized for innovation in helping enterprises manage open source risk.

The Hyperdrive partner program enables organizations of all sizes to embrace open source software with confidence.

We’re excited to announce our latest partnership with Zinfinity as a strategic partner. Zinfinity is a global provider of technology solutions and services with a focus on Cyber Security, Cloud and Digital Infrastructure.