Introducing AI SAST That Thinks Like a Security Engineer

Product

Platform

Platform Overview

Use cases

Reachability-based SCA

AI Model Governance

SBOM & Compliance

AI Security Code Review

Security Patches

Secrets Detection

Container Security

Malware Detection

Ecosystem

Languages & Integrations

Microsoft Defender for Cloud

GitHub Advanced Security

Learn

Resources

Customer Stories

Ebooks & Reports

Tools

Code Prompt Library

Featured resources

State of Dependency Management 2025

3D render of a book titled '2023 Dependency Management Report' by Endor Labs with icons and author photos on the cover.

Code Prompt Library

Dark green square with rounded corners featuring a coding symbol consisting of less-than and greater-than signs with a slash.

Artifact Signing

SCA for Python and AI Apps

Company

About

Achievements

Gartner Cool Vendor

CRN Stellar Startup

Intellyx Digital Innovation Award

See How It Works in Action

Introducing AI SAST That Thinks Like a Security Engineer

Product

Platform

Platform Overview

Use cases

Reachability-based SCA

AI Model Governance

SBOM & Compliance

AI Security Code Review

Security Patches

Secrets Detection

Container Security

Malware Detection

Ecosystem

Languages & Integrations

Microsoft Defender for Cloud

GitHub Advanced Security

Learn

Resources

Customer Stories

Ebooks & Reports

Tools

Code Prompt Library

Featured resources

State of Dependency Management 2025

3D render of a book titled '2023 Dependency Management Report' by Endor Labs with icons and author photos on the cover.

Code Prompt Library

Dark green square with rounded corners featuring a coding symbol consisting of less-than and greater-than signs with a slash.

Artifact Signing

SCA for Python and AI Apps

Company

About

Achievements

Gartner Cool Vendor

CRN Stellar Startup

Intellyx Digital Innovation Award

See How It Works in Action

Learn

Learn about software supply chain security and Endor Labs.

Featured resources

Classic Vulnerabilities Meet AI Infrastructure: Why MCP Needs AppSec

Blog

Classic Vulnerabilities Meet AI Infrastructure: Why MCP Needs AppSec

Jan 23, 2026

How Fake Font Packages Abused npm as a CDN

Blog

How Fake Font Packages Abused npm as a CDN

Jan 23, 2026

Understanding NPM Worms and the Shai-Hulud Attack

Blog

Understanding NPM Worms and the Shai-Hulud Attack

Nov 25, 2025

StackHawk + Endor Labs: Correlating SAST and DAST Alerts

Blog

StackHawk + Endor Labs: Correlating SAST and DAST Alerts

Nov 20, 2025

Topic

AI/ML

CI/CD

Compliance & SBOM

Developer Productivity

First Party Code

Malware

News

Open Source

Opinion

SCA

Security

Tech

Medium

Blog

Customer Story

Ebook/Report

Solution Brief

Video

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

CI/CD

Security

Improve Kubernetes Security with Signed Artifacts and Admission Controllers by David Archer

Blog

Improve Kubernetes Security with Signed Artifacts and Admission Controllers

Apr 23, 2024

Developer Productivity

Open Source

Opinion

Security

Tech

AppSec Goes to Devnexus: Lessons from a Thriving, Modern Java Community by Darren Meyer

Blog

AppSec Goes to Devnexus: Lessons from a Thriving, Modern Java Community

Apr 16, 2024

CI/CD

Security

Compliance & SBOM

Artifact Signing 101 - On-Demand Webinar

Video

Artifact Signing 101 - On-Demand Webinar

Apr 10, 2024

Security

Open Source

Compliance & SBOM

SCA

XZ Backdoor: How to Prepare for the Next One by Jamie Scott

Blog

XZ Backdoor: How to Prepare for the Next One

Apr 3, 2024

Security

Open Source

Opinion

XZ is A Wake Up Call For Software Security: Here's Why by Dimitri Stiliadis

Blog

XZ is A Wake Up Call For Software Security: Here's Why

Apr 1, 2024

Compliance & SBOM

SSDF Compliance and Attestation by Chris Hughes

Blog

SSDF Compliance and Attestation

Mar 26, 2024

CI/CD

Security

You Have a Shadow Pipeline Problem by Darren Meyer

Blog

You Have a Shadow Pipeline Problem

Mar 19, 2024

SCA

Open Source

Security

Remediating Vulnerabilities vs. Maintaining Current Dependencies

Blog

Remediating Vulnerabilities vs. Maintaining Current Dependencies

Mar 13, 2024

SCA

Security

Prioritizing SCA Findings with Reachability Analysis - On-Demand Webinar

Video

Prioritizing SCA Findings with Reachability Analysis - On-Demand Webinar

Mar 6, 2024

CI/CD

Compliance & SBOM

Security

Signing Your Artifacts For Security, Quality, and Compliance

Blog

Signing Your Artifacts For Security, Quality, and Compliance

Mar 5, 2024

Open Source

SCA

Security

Malware

Detecting Malicious Packages in Open Source Dependencies by Henrik Plate

Blog

Detect Malicious Packages Among Your Open Source Dependencies

Feb 28, 2024

News

Tom Gleason Joins Endor Labs as VP of Customer Solutions

Blog

Tom Gleason Joins Endor Labs as VP of Customer Solutions

Feb 20, 2024

CI/CD

Compliance & SBOM

Security

Introducing CI/CD Security with Endor Labs

Blog

Introducing CI/CD Security with Endor Labs

Feb 14, 2024

Security

Open Source

SCA

How to Improve SCA in GitHub Advanced Security

Video

How to Improve SCA in GitHub Advanced Security - Tutorial

Feb 5, 2024

Security

Open Source

SCA

Compliance & SBOM

How to Ingest and Manage SBOMs

Video

How to Ingest and Manage SBOMs - Tutorial

Jan 30, 2024

Compliance & SBOM

Tech

VMware achieves SBOM compliance for over 100 services with Endor Labs

Customer Story

VMware Achieves SBOM Compliance for Over 100 Services with Endor Labs

Jan 29, 2024

Security

AI/ML

AI-Supported Environment Debugging for Endor Labs

Blog

AI-Supported Environment Debugging for Endor Labs

Jan 25, 2024

Security

Open Source

SCA

Compliance & SBOM

How to Generate SBOM and VEX

Video

How to Generate SBOM and VEX - Tutorial

Jan 23, 2024

Security

AI/ML

Open Source

How to Use AI for Open Source Selection

Video

How to Use AI for Open Source Selection - Tutorial

Jan 9, 2024

Security

SCA

News

Introducing a Better Way to SCA for Monorepos and Bazel

Blog

Introducing a Better Way to SCA for Monorepos and Bazel

Jan 8, 2024

SCA

Security

Opinion

5 Types of Reachability Analysis (and Which is Right for You)

Blog

5 Types of Reachability Analysis (and Which is Right for You)

Jan 2, 2024

...

10 / 14

Want to stay in the loop?

Sign up for our newsletter.

Email

Welcome to the resistance

Oops! Something went wrong while submitting the form.

Home Pricing Contact Us

Company

LEARN

Blog Documentation eBook / Reports Events LeanAppSec Solution Brief Video

Tools

TEI Calculator Risk Explorer

Why Us?

vs. Snyk vs. Semgrep vs. Socket vs. Traditional SCA vs. Runtime SCA

Products

Endor Labs Supply Chain

Endor Open Source

Use Cases

Secrets Detection Secrets Detection

AI-Native Static Application Security Testing (SAST)AI-Native Static Application Security Testing (SAST)

Malicious Package Detection Malicious Package Detection

Code Scanning Code Scanning

AI Code Governance AI Code Governance

Upgrades & Remediation Upgrades & Remediation

SBOM Ingestion SBOM Ingestion

AI Apps AI Apps

Bazel Monorepos Bazel Monorepos

Digital Operational Resilience Act (DORA)Digital Operational Resilience Act (DORA)

PCI DSS PCI DSS

Container Scanning Container Scanning

GitHub Actions GitHub Actions

CI/CD Discovery CI/CD Discovery

Artifact Signing Artifact Signing

Compliance & SBOM Compliance & SBOM

SCA with Reachability SCA with Reachability

Integrations

VS Code / GitHub Copilot VS Code / GitHub Copilot

Microsoft Defender for Cloud Microsoft Defender for Cloud

Bitbucket Bitbucket

.NET (C#).NET (C#)

TypeScript TypeScript

JavaScript JavaScript

Jenkins Jenkins

CircleCI CircleCI

© 2025 Endor Labs. All rights reserved.

Legal and Privacy Trust and Security

All names, logos, and brands of third parties listed on our site are trademarks of their respective owners. Endor Labs and its products and services are not endorsed by, sponsored by, or affiliated with these third parties. Our use of these names, logos, and brands is for identification purposes only, and does not imply any such endorsement, sponsorship, or affiliation.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.