
The Endor Labs Experience

With Endor Labs we know where to focus, while other tools tell us to focus everywhere. We’re feeding three birds at once: Endor Labs makes us more productive by telling us where to focus, it improves our security posture, and it’s meeting us where we work.
Endor Labs’ support for VEX, which is considered a companion document to any SBOM, and how easily we can ingest and manage SBOMs were key to our decision.
Citi runs one of the largest software development organizations in the world. At this scale, lost productivity due to false positive alerts is a compounding issue. Endor Labs integrates seamlessly into the developer workflow and helps pinpoint supply chain risks that may affect our business.
Integrating Endor Labs into our Azure DevOps pipeline has saved us thousands of developer hours. We're able to quickly pinpoint and fix reachable and exploitable vulnerabilities without wasting time chasing false positives.
When Varun launched Endor Labs, it felt like he, if anybody, would have the highest odds of success in trying to really raise that security bar and help security teams protect our own products and services against our common adversaries.
Endor Labs serves a critical need: while open source software development continues to grow, the way OSS dependencies and their influence on supply chain risk are managed today hinders development and leaves both engineering and security teams frustrated.
Endor Labs represents the next major innovation in application security. We believe that the reachability analysis provided by Endor Labs will be a must-have technology for enterprises, focusing developers’ efforts on only the most critical and reachable vulnerabilities and saving them countless hours.
Endor Labs has left me with the impression that they will do what it takes to see their customers succeed. For software composition and reachability analysis, it was difficult to find a competing product in the current market that is as fully featured as their platform.