GitHub Actions are open source dependencies - secure them accordingly! Learn how to effectively manage the security risks associated with GitHub Actions with a proactive approach focusing on three key areas: visibility, hardening, and dependency management.
Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
At Endor Labs, we continue evaluating the use of large language models (LLMs) for all kinds of use cases related to application security. And we continue to be amazed by high-quality responses … until we’re amused by the next laughably wrong answer.
What’s the best of the best when it comes to open source security tools? We’ve previously talked about the OpenSSF Scorecard, which gives developers a high-level snapshot of the security of any given open source project. But in this post, we’ll talk about a related project, the Open Source Security Index (OSSI), which does something slightly different and complementary.
Experiments with GPT-3.5 suggest that LLM-based malware reviews can complement, but not yet substitute for, human reviews. 1800 binary classifications performed with GPT-3.5 included false positives and false negatives.
Join us for the Bay Area Bazel Meet-up for a technical deep dive into enhancing your scanning process and optimizing your development workflow.
Scanning a monorepo with traditional SCA tools is often inefficient, resulting in hours of scanning and numerous irrelevant results due to the lack of incremental scanning capabilities.
Endor Labs addresses this issue by offering native support for Bazel and monorepos. In this session, Alexandre will discuss the benefits of using Endor Labs as your SCA tool with Bazel, focusing on:
- Utilizing Bazel's native query for analysis
- Improving data accuracy compared to traditional SCA tools with reachability
- Performing incremental scans of your monorepo with Bazel and Endor Labs
Gazelle started out as a generator for Go targets in Bazel's BUILD files. It has grown to cover more languages, but the API for authoring extensions is in Go only, and requires end-users to recompile a go_binary in order to run the tool.
Aspect's CLI has a built-in Gazelle generator behind the 'configure' verb. In this talk I present a new capability of `aspect configure`: the ability to author BUILD file generation logic in Starlark, the same language used to write Bazel extensions such as rules and macros. I'll show some examples and explain how this benefits devinfra teams and product developers.