Search Results

Like anything in computer science and programming, there’s more than one way to solve a problem or get a result. SCA (software composition analysis) is no different.

Learn how packages.lock.json can help maintain a secure .NET development and why it should be part of your development workflow.

In this on-demand webinar we discuss the key research findings from our 2022 report "State of Dependency Management."

In this on-demand video we discuss open source dependency management and considerations for implementing AppSec programs to protect OSS.

Proving once again open source governance doesn’t have to SOC, yes I made that joke again and I’m not sorry. We’re excited to announce we have received a clean audit result on our SOC2 Type II certification.

At Endor Labs, we continue evaluating the use of large language models (LLMs) for all kinds of use-cases related to application security. And we continue to be amazed about high-quality responses … until we’re amused about the next laughably wrong answer.

We've been named a winner of the 2023 Intellyx Digital Innovator Award, recognizing technology providers driving enterprise digital transformation. Learn more.

I mean, who wouldn't want to work with a bunch of Ewoks?

Developers are bombarded with information every day. Constant context switching and information overload are among the biggest barriers to productivity. There are simply too many demands for their attention. One day the sales team will understand. Right?

Experiments with GPT-3.5 suggest that LLM-based malware reviews can complement, but not yet substitute human reviews. 1800 binary classifications performed with GPT-3.5 included false-positives and false-negatives.

Endor Labs recognized for innovation in helping enterprises manage open source risk.

The Hyperdrive partner program enables organizations of all sizes to embrace open source software with confidence.

We’re excited to announce our latest partnership with Zinfinity as a strategic partner. Zinfinity is a global provider of technology solutions and services with a focus on Cyber Security, Cloud and Digital Infrastructure.

Emerging trends impacting open source dependency management

SBOM-Lab is an open source tool that lets you quickly compare SBOM generation methods for Maven projects and find the right one for you.

Open Source security doesn't have to SOC (sorry, I had to). We're excited to announce we have received a clean audit result on our SOC2 Type 1 certification.

In this on-demand webinar we help you understand the basics of dependency management and how they can be vulnerable to security risks.

In this on-demand webinar, we share research on the variation in SBOMs depending on tool and when the documents are generated.

Software vendors active in certain verticals will soon be required to provide customers with SBOMs for their products. But how and when should an SBOM for a given piece of software be produced?

GitHub rolled out a release that had some breaking changes to Git. Here's what we learned from it.

Explore the different types of open source licenses and how they impact the use, modification, and distribution of open source software. From GPL to Apache, MIT and more, learn the key differences between permissive and restrictive licenses and how to choose the right one for your project.

An SBOM without VEX is like peanut butter without jelly. SBOM is a top buzzword in cybersecurity, but it's important to understand why VEX (Vulnerability Exploitability eXchange) is such a critical companion document.

Join Henrik to learn how his journey into Go programming turned into a path of malicious OSS packages.

Naming and understanding the attack vectors at the disposal of our adversaries.

Endor Labs and Intuitive.Cloud announce strategic partnership and investment with the goal of taking on OSS sprawl.

Reachability analysis increases reliability of SCA results, allowing teams to quickly prioritize just the risks that matter.

In their inaugural report, the Station 9 research team explores the complexities of open source dependencies and the top security considerations for open source adoption at the enterprise.

In this on-demand webinar, we explain the role of static analysis of open source dependencies in an application security program.

This article explores Maven dependency scopes: What are they, what are they used for, and how do they impact security risks?

This blog summarizes highlights from Tragedy of the Digital Commons, by Strauss Center scholar and lecturer Chinmayi Sharma, where she shares the OSS state of affairs and her thoughts on improving security.

Program analysis is the process of checking whether or not a piece of software fulfills certain properties. This article explores the basics of program analysis, so we could then dive deeper into the world of call graphs.

After a comprehensive diligence process on startups in the supply chain and open source security space, over 30 CISOs have chosen to personally back Endor Labs.

Endor Labs raises $25M seed round.

Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.

Do you know what goes into the software your company consumes? If your answer was sticky tape and glue, you clearly work in technology. Congratulations, this article is for you.

The Scorecard API makes it easier to automate and enforce your dependency policies. Naveen is one of the key contributors to the Scorecard projects, in this article, he walks through how it works!

Thinking about using Github's REST API within your system, or already doing so? If you have not already encountered this concept, one important thing to keep in mind while developing is Github's concept of rate limiting.

Sriram Subramanian recently left his position as VP of Engineering at Citrix to lead the India R&D center at Endor Labs. We asked him what made him take the leap and what's his vision for the India team.

Learn how Zero Trust principles help OSS adoption

Learn how to begin threat models and make more informed risk management decisions regarding their software development practices.

The recent report from the CSRB gives a step by step account of Log4j, from discovery to remediation, and uncovers a painful insight - sometimes the response is just as dangerous as the vulnerability.

In this article, we explore the impact of using a monorepo vs a polyrepo architecture on dependency management.