Fix vulnerabilities without breaking changes
Fix what’s easy, and magically patch hard-to-upgrade packages.
GitHub Actions are open source dependencies - secure them accordingly! Learn how to effectively manage the security risks associated with GitHub Actions with a proactive approach focusing on three key areas: visibility, hardening, and dependency management.
Click to read
Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
Click to read
At Endor Labs, we continue evaluating the use of large language models (LLMs) for all kinds of use-cases related to application security. And we continue to be amazed about high-quality responses … until we’re amused about the next laughably wrong answer.
Click to read
What’s the best of the best when it comes to open source security tools?We’ve previously talked about the OpenSSF Scorecard, which gives developers a high-level snapshot of the security of any given open source project. But in this post, we’ll talk about a related project, the Open Source Security Index (OSSI), which does something slightly different and complementary.
Click to read
Experiments with GPT-3.5 suggest that LLM-based malware reviews can complement, but not yet substitute human reviews. 1800 binary classifications performed with GPT-3.5 included false-positives and false-negatives.
Click to read
Fix what’s easy, and magically patch hard-to-upgrade packages.
Improve ROI of remediation efforts. Identify which upgrades can have the highest security impact in conjunction with the effort it takes.
Give time back to developers. Reduce the need for manual research by providing developers with a prioritized list of upgrades ranked by complexity and impact.
Address risks faster. Make informed estimations of fix efforts with standardized research so you can quickly implement low effort/low risk fixes and make prioritization decisions for complex fixes.
Respond to emerging threats. Be ready for the next Spring4Shell with peace of mind that you can obtain a patch from us to ensure you stay safe while you work to upgrade dependencies.
Balance developer workloads. Reduce the urgency of upgrading so you can let developers focus on releasing their planned features without unexpected delays.
Support FedRAMP compliance. Mitigate vulnerability risk to protect sensitive information in alignment with government requirements.