Zebra Technologies Cuts SCA Noise by 97% with Endor Labs
Zebra Technologies powers the frontlines of business in retail, healthcare, logistics, manufacturing, and beyond. Zebra’s products and solutions help businesses grow through increased asset visibility, connected frontline workers and intelligent automation. With over 55 years of innovation and numerous acquisitions, Zebra is a global leader in digitizing and automating workflows.
Securing it all is no easy task.
To keep pace with the growing demands of product security, Zebra’s team adopted a proactive, product-wide security model. As their Software Composition Analysis (SCA) program matured, the Product Security team recognized that traditional SCA tools were introducing more friction than value—cluttering developer workflows with unprioritized findings and making it harder to accurately track risk across business units.
Zebra Technologies powers the frontlines of business in retail, healthcare, logistics, manufacturing, and beyond. Zebra’s products and solutions help businesses grow through increased asset visibility, connected frontline workers and intelligent automation. With over 55 years of innovation and numerous acquisitions, Zebra is a global leader in digitizing and automating workflows.
Securing it all is no easy task.
To keep pace with the growing demands of product security, Zebra’s team adopted a proactive, product-wide security model. As their Software Composition Analysis (SCA) program matured, the Product Security team recognized that traditional SCA tools were introducing more friction than value—cluttering developer workflows with unprioritized findings and making it harder to accurately track risk across business units.
Zebra Technologies powers the frontlines of business in retail, healthcare, logistics, manufacturing, and beyond. Zebra’s products and solutions help businesses grow through increased asset visibility, connected frontline workers and intelligent automation. With over 55 years of innovation and numerous acquisitions, Zebra is a global leader in digitizing and automating workflows.
Securing it all is no easy task.
To keep pace with the growing demands of product security, Zebra’s team adopted a proactive, product-wide security model. As their Software Composition Analysis (SCA) program matured, the Product Security team recognized that traditional SCA tools were introducing more friction than value—cluttering developer workflows with unprioritized findings and making it harder to accurately track risk across business units.
Key Results with Endor Labs:
- 97% reduction in non-actionable alerts
- Improved accuracy of business unit risk scores
- Greater developer trust and engagement
- Faster remediation earlier in the SDLC
Endor Labs helped us cut through the noise and focus on what matters. With fewer alerts and more accuracy, our teams now spend more time building and less time chasing false positives. Endor Labs has made secure development faster and easier to adopt across Zebra.
Zebra Technologies powers the frontlines of business in retail, healthcare, logistics, manufacturing, and beyond. Zebra’s products and solutions help businesses grow through increased asset visibility, connected frontline workers and intelligent automation. With over 55 years of innovation and numerous acquisitions, Zebra is a global leader in digitizing and automating workflows.
Securing it all is no easy task.
To keep pace with the growing demands of product security, Zebra’s team adopted a proactive, product-wide security model. As their Software Composition Analysis (SCA) program matured, the Product Security team recognized that traditional SCA tools were introducing more friction than value—cluttering developer workflows with unprioritized findings and making it harder to accurately track risk across business units.
Zebra Technologies powers the frontlines of business in retail, healthcare, logistics, manufacturing, and beyond. Zebra’s products and solutions help businesses grow through increased asset visibility, connected frontline workers and intelligent automation. With over 55 years of innovation and numerous acquisitions, Zebra is a global leader in digitizing and automating workflows.
Securing it all is no easy task.
To keep pace with the growing demands of product security, Zebra’s team adopted a proactive, product-wide security model. As their Software Composition Analysis (SCA) program matured, the Product Security team recognized that traditional SCA tools were introducing more friction than value—cluttering developer workflows with unprioritized findings and making it harder to accurately track risk across business units.
Zebra initially integrated SCA tooling directly into developer pull requests to catch vulnerabilities early. But it quickly became clear that surfacing every alert, regardless of reachability or impact, created major issues:
- Alert Volume Management: Flagging all findings without factoring in exploitability or context created unnecessary noise, limiting actionable insights.
- Risk Clarity Challenges: The absence of contextual prioritization made it difficult for teams to effectively communicate relevant risk levels across leadership channels.
- Developer Experience Impact: The volume and perceived severity of issues led to friction and diluted focus on higher-impact vulnerabilities.
- Remediation Timing: Findings identified later in the cycle introduced delays and required significantly more effort to resolve than those caught earlier.
These observations informed a shift toward a more developer-aligned, risk-informed approach—designed to improve prioritization, streamline workflows, and enhance secure development practices at scale.
Zebra’s security team ran a competitive evaluation to find an SCA platform that could deliver on three core goals:
- Improve Risk Accuracy: Prioritize vulnerabilities based on real usage and reachability—highlighting what matters most.
- Empower Developers: Reduce alert fatigue, provide context-aware remediation guidance, and integrate seamlessly into existing workflows.
- Support Compliance: Automate SBOM and VEX generation,and ingest third-party SBOMs for supply chain visibility.
Why Endor Labs Won
- Reachability-Based Prioritization: Endor Labs showed which vulnerabilities were actually exploitable in Zebra’s code, reducing false positives dramatically.
- Developer-First Experience: Designed for modern workflows with intuitive APIs, IDE plugins, and actionable reporting.
- Clearer Risk Visibility: Enabled business unit leads to confidently report on their real risk—improving reporting to senior leadership and accelerating secure decision-making.
“Endor Labs helped us cut through the noise and focus on what matters.”
“With fewer alerts and more accuracy, our teams now spend more time building and less time chasing false positives. Endor Labs has made secure development faster and easier to adopt across Zebra.”
— Michael Hammond, Information Security Engineer, Zebra Technologies
Within weeks of deployment, Endor Labs helped Zebra transform its SCA strategy:
97% Reduction in Noise
Developers saw a dramatic drop in non-actionable alerts—improving focus and engagement.
More Accurate Risk Scores
Business units reported cleaner, more defensible risk profiles—backed by reachability insights.
Developer Buy-In
Engineers embraced the tool thanks to lower friction, better results, and a smoother experience.
Earlier Remediation
By catching issues earlier in the pipeline, Zebra cut remediation effort by over 60%.
Looking Ahead
Zebra is now expanding its use of Endor Labs to:
- Enforce policies for high-severity risks
- Integrate deeper vulnerability intelligence
- Automate remediation across complex CI/CD environments
As Zebra continues scaling its product security capabilities, Endor Labs remains a trusted partner—helping turn security from a blocker into a business enabler.