By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
18px_cookie
e-remove

Endor Labs is SOC 2 Type II Certified!

Proving once again open source governance doesn’t have to SOC, yes I made that joke again and I’m not sorry. We’re excited to announce we have received a clean audit result on our SOC2 Type II certification.

Proving once again open source governance doesn’t have to SOC, yes I made that joke again and I’m not sorry. We’re excited to announce we have received a clean audit result on our SOC2 Type II certification.

Proving once again open source governance doesn’t have to SOC, yes I made that joke again and I’m not sorry. We’re excited to announce we have received a clean audit result on our SOC2 Type II certification.

Written by
A photo of Ron Harnik — VP Marketing at Endor Labs.
Ron Harnik
Published on
June 15, 2023

Proving once again open source governance doesn’t have to SOC, yes I made that joke again and I’m not sorry. We’re excited to announce we have received a clean audit result on our SOC2 Type II certification.

Proving once again open source governance doesn’t have to SOC, yes I made that joke again and I’m not sorry. We’re excited to announce we have received a clean audit result on our SOC2 Type II certification.

We are excited to announce that Endor Labs has successfully completed a System and Organization Controls (SOC) 2 Type II audit! 

Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the trust services criteria categories covering security, availability, processing integrity, confidentiality and privacy. A SOC 2 Type II report describes a service organization's systems and whether the design of specified controls meets the relevant trust services categories, and assesses the effectiveness of those controls over a specified period of time. 

Endor Labs’ SOC 2 Type II report did not have any noted exceptions and therefore was issued with a “clean” audit opinion from SSF.

Endor Labs helps security and engineering teams safely scale the use of open source software and prioritize risk across development and CI/CD pipelines:

Open Source Governance

According to GitHub, 90% of code in modern applications is open source. This accounts for the largest blind spot in the software supply chain. 95% of vulnerabilities are found in transitive dependencies - the software packages automatically brought in by the open source software developers select. Endor Labs helps development and security teams manage the entire open source lifecycle, from the selection of safer and more sustainable dependencies to the prioritization of reachable vulnerabilities with program analysis. Endor Labs goes beyond known vulnerabilities and cuts down 80% of noise compared to traditional SCA tools, surfacing the security and operational risk that is actually impactful to the application. 

CI/CD Governance

Once code enters the build pipeline, the security of the code pipelines themselves is paramount. Endor Labs helps developers and security teams manage everything that has access to source code, from developer accounts, code repositories, 3rd party apps, and secrets. 

Compliance

With Endor Labs, security teams can generate and manage accurate SBOM and VEX documents, as well as manage open source licenses and ensure CI/CD pipelines are compliant with CIS benchmarks, all in one place. 

Want to see Endor Labs in action? Check out our demo library!  

The Challenge

The Solution

The Impact

Get new posts in your inbox.

Get new posts in your inbox.

Get new posts in your inbox.

Welcome to the resistance
Oops! Something went wrong while submitting the form.

Get new posts in your inbox.

Get new posts in your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get new posts in your inbox.