Software Composition Analysis (SCA) is among the most foundational approaches to product security. Understanding the known vulnerabilities (CVE) and leading and lagging indicators of risk are among the most widely leveraged security controls in industry. There are three major types of SCA: Runtime SCA, Manifest scanning SCA and Build/Install-time SCA with and without program analysis. This session will explore not only the hidden costs & pros/cons, but explain why they exist. With any approach to vulnerability management there are a spectrum of trade offs that exista and often complementary approaches are seen as competitive because of a lack of understanding.

Speakers

Jamie Scott

Founding Product Manager

Endor Labs

Jamie Scott

Founding Product Manager

Endor Labs

Schedule

No items found.

Want to stay in the loop?

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Article

Endor Labs Launches with $25M Seed Financing to Tackle Massive Sprawl of Open Source Software (OSS)

Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.

Click to read

Article

SBOMs are Just a Means to an End

Do you know what goes into the software your company consumes? If your answer was sticky tape and glue, you clearly work in technology. Congratulations, this article is for you.

Click to read

Article

Introducing the OpenSSF Scorecard API

The Scorecard API makes it easier to automate and enforce your dependency policies. Naveen is one of the key contributors to the Scorecard projects, in this article, he walks through how it works!

Click to read

Article

How to Get the Most out of GitHub API Rate Limits

Thinking about using Github's REST API within your system, or already doing so? If you have not already encountered this concept, one important thing to keep in mind while developing is Github's concept of rate limiting.

Click to read

Article

Why I Joined Endor Labs to Build our India Team

Sriram Subramanian recently left his position as VP of Engineering at Citrix to lead the India R&D center at Endor Labs. We asked him what made him take the leap and what's his vision for the India team.

Click to read

Article

How Zero Trust Principles Can Accelerate Enterprise Adoption of OSS

Learn how Zero Trust principles help OSS adoption

Click to read

Article

What Security Teams Need to Know about Software Development

Learn how to begin threat models and make more informed risk management decisions regarding their software development practices.

Click to read

Article

CSRB Log4j Report - The Response is as Dangerous as the Vulnerability

The recent report from the CSRB gives a step by step account of Log4j, from discovery to remediation, and uncovers a painful insight - sometimes the response is just as dangerous as the vulnerability.

Click to read

Article

Polyrepo vs. Monorepo - How Does it Impact Dependency Management?

In this article, we explore the impact of using a monorepo vs a polyrepo architecture on dependency management.

Click to read

Sorry, we couldn't find what you're looking for.

View All Results

CSA San Francisco July Chapter Meetup

Speakers

Event Overview

The SCA Balancing Act: Understanding Tradeoffs, What to Do and Avoid

Speakers

Schedule

Heading

Want to stay in the loop?

Under the Hood: People.ai's Proactive Approach to AI Security

People.ai transforms security and compliance with Endor Labs

Streamline Investigation with Enriched Vulnerability Search

Endor Labs Launches with $25M Seed Financing to Tackle Massive Sprawl of Open Source Software (OSS)

SBOMs are Just a Means to an End

Introducing the OpenSSF Scorecard API

How to Get the Most out of GitHub API Rate Limits

Why I Joined Endor Labs to Build our India Team

How Zero Trust Principles Can Accelerate Enterprise Adoption of OSS

What Security Teams Need to Know about Software Development

CSRB Log4j Report - The Response is as Dangerous as the Vulnerability

Polyrepo vs. Monorepo - How Does it Impact Dependency Management?

Lightsaber Stunt Training Series - North America

Lightsaber Stunt Training Series - Europe

OWASP Nashville Meetup

OWASP Los Angeles Meetup

Star Wars: The Force Awakens - Rooftop Cinema Family Event

Evolving Your AppSec Program in the Era of AI

DEF CON 33 AppSec Village

Meet with Us at the Endor Labs Suite

Black Hat USA

See the Vegas Strip like never before—from a helicopter

BSides Las Vegas

OWASP Toronto Meetup

OWASP Denver Meetup

OWASP Bay Area Meetup

Endor Labs Game Night - June

AI Security Collective London

OWASP Dallas Meetup

Security Leaders Networking Breakfast: Chicago Edition

OWASP Italy Day

OWASP Oslo Meetup

OWASP Jacksonville Meetup

OWASP Boston Meetup

AppSec Brews and Rooftop Views Social

OWASP Global AppSec EU 2025

CSA San Francisco Chapter May Meetup

OWASP Washington, D.C. Meetup

FS-ISAC EMEA Summit

Cloud & AI Security Azure Immersion Day

OWASP London Meetup

OWASP Vancouver Meetup

BBQ & Bytes: AppSec Social Copenhagen

V2 Security Copenhagen

Birds of a Feather [Women's Only Event]

CISO Sanctuary Breakfast hosted by Hitch Partners

Bricks, Blocks, and Big Ideas: A LEGO Workshop with Tyler Clites

Request your VIP pass to the Endor Labs' Base at RSAC

CSA Summit 2025

AI vs. AI: Securing Software in the Era of AI-Generated Code

RSAC 2025

AppSec Workshop: Fix Faster

Vibe Coding is Mid for Security

Cybersecurity Identity Summit 2025

BSides Seattle

KCJUG Meetup

OWASP Antonio Meetup

Innovate Cybersecurity Summit - Nashville

AppSec AI Summit

OWASP Bristol: Stormy Seas of Supply Chain Security

NCAA March Madness

OWASP Vancouver

Boston Security March 2025 Meetup

GPSec Security Forum Boston

InfoSec Anti-Summit

SANS Institute Cyber Solutions Fest

SnowFROC

DevOps Live London

FS-ISAC Spring Americas Summit

Lightsaber Stunt Training for AppSec Nerds

Software Supply Chain (SSC) Security & Craft Beer

Innovate Peer Panel - Atlanta