Learn

Learn about software supply chain security and Endor Labs.

Featured resources

Container Scanning + SCA = Better Together
Blog
Jun 11, 2024

Container Scanning + SCA = Better Together

An Auditor’s Perspective on Addressing OSS Vulnerabilities for PCI DSS v4 by Jenn Gile
Blog
May 2, 2024

An Auditor’s Perspective on Addressing OSS Vulnerabilities for PCI DSS v4

Guide to Implementing Software Supply Chain Security, What to Consider When Designing a Program
Ebook/Report
Apr 30, 2024

Guide to Implementing Software Supply Chain Security

VMware achieves SBOM compliance for over 100 services with Endor Labs
Customer Story
Jan 29, 2024

VMware Achieves SBOM Compliance for Over 100 Services with Endor Labs

Topic
Medium
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
SCA
Open Source
Security
Compliance & SBOM
Container Scanning + SCA = Better Together
Blog
Jun 11, 2024

Container Scanning + SCA = Better Together

SCA
Open Source
Security
Blog
Jun 4, 2024

Evaluating and Scoring OSS Packages

News
Blog
Jun 4, 2024

Endor Labs Named to Rising in Cyber by CISOs and Venture Capital Investors

SCA
Compliance & SBOM
Open Source
Security
Demystifying Transitive Dependency Vulnerabilities
Blog
May 31, 2024

Demystifying Transitive Dependency Vulnerabilities

CI/CD
Security
Open Source
Surprise! Your GitHub Actions Are Dependencies Too
Blog
May 28, 2024

Surprise! Your GitHub Actions Are Dependencies, Too

News
Blog
May 21, 2024

Endor Labs Partners with GuidePoint Security to Secure The Software Supply Chain

SCA
Security
Protect Mobile Apps with Kotlin and Swift SCA
Blog
May 21, 2024

Protect Mobile Apps with Kotlin and Swift SCA

Compliance & SBOM
SCA
Security
OSS Vulnerabilities and the Digital Operational Resilience Act (DORA)
Blog
May 21, 2024

OSS Vulnerabilities and the Digital Operational Resilience Act (DORA)

CI/CD
Compliance & SBOM
SCA
Intro to Endor Labs- On-Demand Webinar
Video
May 15, 2024

Intro to Endor Labs - On-Demand Webinar

SCA
Open Source
Security
 OWASP OSS Risk 1: Known Vulnerabilities, by Camila Odlund and Jenn Gile
Blog
May 14, 2024

OWASP OSS Risk 1: Known Vulnerabilities

CI/CD
Security
Low-Code/No Code Artifact Signing by Diamantis Kourkouzelis
Blog
May 7, 2024

Low-Code/No Code Artifact Signing

Compliance & SBOM
Open Source
SCA
An Auditor’s Perspective on Addressing OSS Vulnerabilities for PCI DSS v4 by Jenn Gile
Blog
May 2, 2024

An Auditor’s Perspective on Addressing OSS Vulnerabilities for PCI DSS v4

Security
SCA
CI/CD
Compliance & SBOM
Open Source
Guide to Implementing Software Supply Chain Security, What to Consider When Designing a Program
Ebook/Report
Apr 30, 2024

Guide to Implementing Software Supply Chain Security

CI/CD
Compliance & SBOM
Security
Your Git Repo is a Supply Chain Risk by Darren Meyer
Blog
Apr 30, 2024

Your Git Repo is a Supply Chain Risk

CI/CD
Security
Improve Kubernetes Security with Signed Artifacts and Admission Controllers by David Archer
Blog
Apr 23, 2024

Improve Kubernetes Security with Signed Artifacts and Admission Controllers

Developer Productivity
Open Source
Opinion
Security
Tech
AppSec Goes to Devnexus: Lessons from a Thriving, Modern Java Community by Darren Meyer
Blog
Apr 16, 2024

AppSec Goes to Devnexus: Lessons from a Thriving, Modern Java Community

CI/CD
Security
Compliance & SBOM
Artifact Signing 101 - On-Demand Webinar
Video
Apr 10, 2024

Artifact Signing 101 - On-Demand Webinar

Security
Open Source
Compliance & SBOM
SCA
XZ Backdoor: How to Prepare for the Next One by Jamie Scott
Blog
Apr 3, 2024

XZ Backdoor: How to Prepare for the Next One

Security
Open Source
Opinion
XZ is A Wake Up Call For Software Security: Here's Why by Dimitri Stiliadis
Blog
Apr 1, 2024

XZ is A Wake Up Call For Software Security: Here's Why

Compliance & SBOM
SSDF Compliance and Attestation by Chris Hughes
Blog
Mar 26, 2024

SSDF Compliance and Attestation

CI/CD
Security
You Have a Shadow Pipeline Problem by Darren Meyer
Blog
Mar 19, 2024

You Have a Shadow Pipeline Problem

SCA
Open Source
Security
Remediating Vulnerabilities vs. Maintaining Current Dependencies
Blog
Mar 13, 2024

Remediating Vulnerabilities vs. Maintaining Current Dependencies

SCA
Security
Prioritizing SCA Findings with Reachability Analysis - On-Demand Webinar
Video
Mar 6, 2024

Prioritizing SCA Findings with Reachability Analysis - On-Demand Webinar

CI/CD
Compliance & SBOM
Security
Signing Your Artifacts For Security, Quality, and Compliance
Blog
Mar 5, 2024

Signing Your Artifacts For Security, Quality, and Compliance

Open Source
SCA
Security
Detecting Malicious Packages in Open Source Dependencies by Henrik Plate
Blog
Feb 28, 2024

Detect Malicious Packages Among Your Open Source Dependencies

News
Tom Gleason Joins Endor Labs as VP of Customer Solutions
Blog
Feb 20, 2024

Tom Gleason Joins Endor Labs as VP of Customer Solutions

CI/CD
Compliance & SBOM
Security
Introducing CI/CD Security with Endor Labs
Blog
Feb 14, 2024

Introducing CI/CD Security with Endor Labs

Security
Open Source
SCA
How to Improve SCA in GitHub Advanced Security
Video
Feb 5, 2024

How to Improve SCA in GitHub Advanced Security - Tutorial

Security
Open Source
SCA
Compliance & SBOM
How to Ingest and Manage SBOMs
Video
Jan 30, 2024

How to Ingest and Manage SBOMs - Tutorial

No items found.
VMware achieves SBOM compliance for over 100 services with Endor Labs
Customer Story
Jan 29, 2024

VMware Achieves SBOM Compliance for Over 100 Services with Endor Labs

Security
AI/ML
AI-Supported Environment Debugging for Endor Labs
Blog
Jan 25, 2024

AI-Supported Environment Debugging for Endor Labs

Security
Open Source
SCA
Compliance & SBOM
How to Generate SBOM and VEX
Video
Jan 23, 2024

How to Generate SBOM and VEX - Tutorial

Security
AI/ML
Open Source
How to Use AI for Open Source Selection
Video
Jan 9, 2024

How to Use AI for Open Source Selection - Tutorial

Security
SCA
News
Introducing a Better Way to SCA for Monorepos and Bazel
Blog
Jan 8, 2024

Introducing a Better Way to SCA for Monorepos and Bazel

SCA
Security
Opinion
5 Types of Reachability Analysis (and Which is Right for You)
Blog
Jan 2, 2024

5 Types of Reachability Analysis (and Which is Right for You)

Security
Tech
What’s in a Name? A Look at the Software Identification Ecosystem
Blog
Dec 20, 2023

What’s in a Name? A Look at the Software Identification Ecosystem

Security
What you need to know about Apache Struts and CVE-2023-50164
Blog
Dec 18, 2023

What You Need to Know About Apache Struts and CVE-2023-50164

Security
SCA
Introducing JavaScript Reachability and Phantom Dependency Detection
Blog
Dec 12, 2023

Introducing JavaScript Reachability and Phantom Dependency Detection

Security
SCA
MileIQ securely reimagines a decade old product with Endor Labs
Customer Story
Dec 11, 2023

MileIQ Securely Reimagines a Decade Old Product with Endor Labs

Security
Compliance & SBOM
How CycloneDX VEX Makes Your SBOM Useful
Blog
Dec 8, 2023

How CycloneDX VEX Makes Your SBOM Useful

Secret Detection
Security
How to Scan and Prioritize Valid Secrets
Video
Dec 6, 2023

How to Scan and Prioritize Valid Secrets - Tutorial

Security
Compliance & SBOM
SBOM Requirements for Medical Devices
Blog
Dec 5, 2023

SBOM Requirements for Medical Devices

Security
Compliance & SBOM
CISA and NCSC's Take on Secure AI Development
Blog
Nov 30, 2023

CISA and NCSC's Take on Secure AI Development

Security
Open Source
Open Source Security 101: How to Evaluate Your Open Source Security Posture
Blog
Nov 16, 2023

Open Source Security 101: How to Evaluate Your Open Source Security Posture

News
Endor Labs is a CRN 2023 Stellar Startup!
Blog
Nov 13, 2023

Endor Labs is a CRN 2023 Stellar Startup!

Security
SCA
Static SCA vs. Dynamic SCA: Which is Better (and Why it’s Neither)
Blog
Nov 13, 2023

Static SCA vs. Dynamic SCA: Which is Better (and Why it’s Neither)

SCA
Open Source
How to Prioritize Reachable Open Source Software (OSS) Vulnerabilities
Video
Nov 9, 2023

How to Prioritize Reachable Open Source Software (OSS) Vulnerabilities - Tutorial

SCA
AI/ML
Open Source
Open Source Security for Python and AI Apps
Solution Brief
Nov 6, 2023

Open Source Security for Python and AI Apps

Security
Secret Detection
How To Evaluate Secret Detection Tools
Blog
Oct 31, 2023

How To Evaluate Secret Detection Tools

Security
SCA
Why SCA tools can't agree if something is a CVE
Blog
Oct 20, 2023

Why SCA Tools Can't Agree if Something is a CVE

Security
Compliance & SBOM
5 Federal Software Supply Chain Requirements You Should Be Aware Of
Blog
Oct 16, 2023

5 Federal Software Supply Chain Requirements You Should Be Aware Of

Security
SCA
You found vulnerabilities in your dependencies, now what?
Blog
Oct 6, 2023

You Found Vulnerabilities in Your Dependencies, Now What?

SCA
Dependency Resolution in Python: Beware The Phantom Dependency
Blog
Sep 28, 2023

Dependency Resolution in Python: Beware The Phantom Dependency

News
Chris Hughes Joins Endor Labs as Chief Security Advisor
Blog
Sep 26, 2023

Chris Hughes Joins Endor Labs as Chief Security Advisor

Developer Productivity
SCA
Understanding Python Manifest Files: Part 1
Blog
Sep 20, 2023

Understanding Python Manifest Files

SCA
Why Your SCA is Always Wrong
Blog
Sep 12, 2023

Why Your SCA is Always Wrong

Security
Endor Labs Named 2023 SINET16 Innovator Award Winner
Blog
Sep 7, 2023

Endor Labs Named 2023 SINET16 Innovator Award Winner

Security
SCA
Combining the Exploit Prediction Scoring System (EPSS) with reachability analysis to optimize your vulnerability management program
Blog
Sep 6, 2023

Combining EPSS and Reachability Analysis to Optimize Vulnerability Management

Security
SCA
News
Introducing SCA reachability analysis for Python, Go, and C#
Blog
Sep 5, 2023

Introducing Reachability-Based SCA for Python, Go, and C#

SCA
Open Source
Reachability Analysis for Python, Go, C#
Video
Sep 5, 2023

Reachability Analysis for Python, Go, C# - Webinar

Security
Open Source
The Open Source Security Index Top 5
Blog
Aug 29, 2023

The Open Source Security Index Top 5

Security
SCA
Faster SCA with Endor Labs and npm workspaces
Blog
Aug 28, 2023

Faster SCA with Endor Labs and npm Workspaces

Security
SCA
Endor Labs & Github Advanced Security: AppSec Without The Productivity Tax
Blog
Aug 7, 2023

Endor Labs & Github Advanced Security: AppSec Without The Productivity Tax

Security
Compliance & SBOM
Key questions for your SBOM program
Blog
Aug 7, 2023

Key Questions for Your SBOM Program

News
SCA
Endor Labs raises $70M in series A funding to reform application security
Blog
Aug 3, 2023

Endor Labs Raises $70M in Series A Funding to Reform Application Security

Security
SCA
How should I prioritize software vulnerabilities?
Blog
Jul 28, 2023

How Should I Prioritize Software Vulnerabilities?

Security
Divide and Hide: How malicious code lived on PyPI for 3 months
Blog
Jul 21, 2023

Divide and Hide: How Malicious Code Lived on PyPI for 3 months

SCA
AI/ML
Security
Open Source
State of Dependency Management 2023
Ebook/Report
Jul 20, 2023

State of Dependency Management 2023

News
Endor Labs’ ‘State of Dependency Management 2023’ Report Offers Insight on Explosive Popularity of AI and LLMs—and How They Impact Application Security
Blog
Jul 20, 2023

Endor Labs’ ‘State of Dependency Management 2023’ Report Offers Insight on Explosive Popularity of AI and LLMs—and How They Impact Application Security

News
Endor Labs Recognized as a Cool Vendor in the 2023 Gartner® Cool Vendors™ in Platform Engineering for Scaling Application Security Practices
Blog
Jul 12, 2023

Endor Labs Recognized as a Cool Vendor in the 2023 Gartner® Cool Vendors™ in Platform Engineering for Scaling Application Security Practices

Security
SCA
Open Source
Visualizing the Impact of Call Graphs on Open Source Security
Blog
Jun 30, 2023

Visualizing the Impact of Call Graphs on Open Source Security

Security
SCA
Why Different SCA Tools Produce Different Results
Blog
Jun 29, 2023

Why Different SCA Tools Produce Different Results

Security
SCA
Strengthening Security in .NET Development with packages.lock.json
Blog
Jun 28, 2023

Strengthening Security in .NET Development with packages.lock.json

SCA
Open Source
How Security and Engineering Can Scale Open Source Security
Video
Jun 23, 2023

How Security and Engineering Can Scale Open Source Security - Webinar

SCA
Open Source
Highlights from State of Dependency Management 2022
Video
Jun 23, 2023

Highlights from State of Dependency Management 2022 - Webinar

Compliance & SBOM
News
Security
Endor Labs is SOC 2 Type II Certified!
Blog
Jun 15, 2023

Endor Labs is SOC 2 Type II Certified!

Security
SCA
Open Source
Reviewing Malware with LLMs: OpenAI vs. Vertex AI
Blog
Jun 5, 2023

Reviewing Malware with LLMs: OpenAI vs. Vertex AI

News
Endor Labs Wins Intellyx Digital Innovation Award
Blog
May 23, 2023

Endor Labs Wins Intellyx Digital Innovation Award

News
Endor Labs Recognized As a 2023 Bay Area Best Place to Work
Blog
May 5, 2023

Endor Labs Recognized As a 2023 Bay Area Best Place to Work

Security
Developer Productivity
SCA
Make Developers' Lives Easier with Endor Labs & GitHub Advanced Security
Blog
May 3, 2023

Make Developers' Lives Easier with Endor Labs & GitHub Advanced Security

Security
LLM-assisted Malware Review: AI and Humans Join Forces to Combat Malware
Blog
Apr 17, 2023

LLM-assisted Malware Review: AI and Humans Join Forces to Combat Malware

News
Endor Labs Selected as Finalist for RSA Conference 2023 Innovation Sandbox
Blog
Mar 22, 2023

Endor Labs Selected as Finalist for RSA Conference 2023 Innovation Sandbox

News
Endor Labs Announces 100% Channel Commitment, Launches Global Hyperdrive Program to Arm Resellers and Solution Providers with Unprecedented Software Supply Chain Security
Blog
Mar 16, 2023

Announcing the Endor Labs Hyperdrive Program for Resellers and Solution Providers

News
Endor Labs partners with Zinfinity to help enterprise safely adopt Open Source Software
Blog
Mar 6, 2023

Endor Labs partners with Zinfinity to help enterprise safely adopt Open Source Software

SCA
Security
Open Source
OWASP Top 10 Risks for Open Source
Ebook/Report
Mar 1, 2023

OWASP Top 10 Risks for Open Source

Security
Compliance & SBOM
How to quickly measure SBOM accuracy for Maven projects (for free)
Blog
Feb 28, 2023

How to Quickly Measure SBOM Accuracy for Maven Projects (for Free)

Compliance & SBOM
News
Security
Endor Labs is SOC2 Certified!
Blog
Feb 9, 2023

Endor Labs is SOC2 Certified!

SCA
Open Source
Comparing SBOMs Generated at Different Lifecycle Stages
Video
Feb 3, 2023

Comparing SBOMs Generated at Different Lifecycle Stages - Webinar

SCA
Open Source
Introduction to Open Source Security
Video
Feb 3, 2023

Introduction to Open Source Security - Webinar

Security
Compliance & SBOM
SBOM vs. SBOM: Comparing SBOMs from different tools and lifecycle stages
Blog
Feb 2, 2023

SBOM vs. SBOM: Comparing SBOMs from Different Tools and Lifecycle Stages

Developer Productivity
Security
What breaking changes teach us about security
Blog
Jan 31, 2023

What Breaking Changes Teach Us about Security

Compliance & SBOM
Open Source Licensing Simplified: A Comparative Overview of Popular Licenses
Blog
Jan 24, 2023

Open Source Licensing Simplified: A Comparative Overview of Popular Licenses

Security
Compliance & SBOM
What is VEX and why should I care?
Blog
Jan 18, 2023

What is VEX and Why Should I Care?

Security
Open Source
Whatfuscator, malicious open source packages, and other beasts
Blog
Jan 9, 2023

Whatfuscator, Malicious Open Source Packages, and Other Beasts

Security
Exploring Risk: Understanding Software Supply Chain Attacks
Blog
Jan 5, 2023

Exploring Risk: Understanding Software Supply Chain Attacks

News
Endor Labs and Intuitive partner to help enterprises leverage open source software most securely and effectively
Blog
Jan 2, 2023

Endor Labs and Intuitive Partner to Help Enterprises Leverage OSS

SCA
Security
What is reachability-based dependency analysis?
Blog
Dec 21, 2022

What is Reachability-Based Dependency Analysis?

SCA
Security
Open Source
State of Dependency Management 2022
Ebook/Report
Dec 8, 2022

State of Dependency Management 2022

SCA
Open Source
Why We Need Static Analysis When Prioritizing Vulnerabilities
Video
Dec 6, 2022

Why We Need Static Analysis When Prioritizing Vulnerabilities - Webinar

Security
What are Maven dependency scopes and their related security risks?
Blog
Nov 29, 2022

What are Maven Dependency Scopes and Their Related Security Risks?

no-results
Sorry, no results matching your search.

Want to stay in the loop?

Sign up for our newsletter.

Welcome to the resistance
Oops! Something went wrong while submitting the form.