Endor Labs

🚨 Imagine the rebels not knowing where to hit the Death Star—one vulnerability took down an empire.  But what if you’re staring at a flood of vulnerabilities with no clue which ones really matter? That’s the problem with most SCA tools—they give you too much noise and not enough signal. 🔍 At Endor Labs, we do things differently. We use program analysis to create a blueprint of your application, showing exactly how your code interacts with the code you reuse.  This lets you see that only 9.5% of vulnerabilities have a path to your code. 🎯 Instead of wasting time on every vulnerability, you can target the ones that truly pose a risk. Ready to focus on the vulnerabilities that matter?  Start your free trial now! 🌟 🔗 https://lnkd.in/gnkHuwvM #AppSec #SCA #cybersecurity

Join us tomorrow,  September 12th from 5:30 pm - 8:00 pm PT, at the Endor Labs HQ in Palo Alto for the Bay Area #Bazel Meet-up! Alexandre Wilhelm , Founding Engineer at Endor Labs and Alex Eagle Co-Founder of Aspect Build will share how to make your monorepo scanning more efficient and how to customize BUILD files using #Starlark Gazelle Extensions. It’s a great chance to connect, learn, and take your development process to the next level. Register here: https://hubs.ly/Q02LYT7Q0 #Bazelmeetup #AppSec #security

We're excited to announce our upcoming "Security in the City" Dinner event on October 2nd, co-hosted with our friends at GitHub. Our agenda features captivating speakers, followed by a chef's tasting at a restaurant near the GitHub San Francisco HQ. Space is limited, so DM me to secure your spot - Looking forward to seeing you there! Brian Hmelyar | Nick Gonzalez | Jamie S. #endorlabs #github #devsecops #developerproductivity

𝐈𝐭’𝐬 𝐇𝐚𝐜𝐤𝐚𝐭𝐡𝐨𝐧 𝐖𝐞𝐞𝐤! We know—you’ve got questions, requests, and the occasional “This needs to happen yesterday!” But this week’s special: our engineers (plus PMs and a few others) are deep in the trenches, cooking up new innovations. Hackathon has birthed some pretty cool stuff—like Magic Patches—so we’re all about that focus right now. Translation: if you’re hearing a lot of “Can we talk later?” or “Sorry, busy,” it’s not personal. Everyone’s knee-deep in code and caffeine. ☕💻 Response times might be a bit slower, but don’t worry—we’ll be back to speed with our usual Jira frenzy soon. (And yes, customer emergencies are still top priority!) Thanks for your patience! 𝐏.𝐒. 𝐒𝐞𝐫𝐢𝐨𝐮𝐬𝐥𝐲, 𝐰𝐚𝐭𝐜𝐡 𝐮𝐧𝐭𝐢𝐥 𝐭𝐡𝐞 𝐞𝐧𝐝. 𝐓𝐫𝐮𝐬𝐭 𝐦𝐞, 𝐢𝐭’𝐬 𝐰𝐨𝐫𝐭𝐡 𝐢𝐭. 👀 #Hackathon #Developers #AppSec #InnovationInProgress

See you this Wednesday in Tampa at OWASP® Foundation Lunch and Learn! 🗓️ When: Wednesday, Sep 11 📍 Where: The Neon Temple, Tampa 🍕 11:00 AM - Registration & Lunch 🎤 12:00 PM - Nate Michalov's talk on SCA in the AI era

Still just checking off security boxes and fixing problems after they hit production? Uh-oh! 😬 That's a recipe for chaos. It’s time to flip the script and build a proactive security culture before the fires start. Join us at LeanAppSec Live Fall 2024 for a session you won’t want to miss: “Building a Proactive Security Culture Through Behavioral Science.” Dustin Lehr will dive into how you can help shift mindsets, motivate your team, and stop chasing fires. From training and threat modeling to motivating your team with techniques from behavioral science, Dustin will cover it all. 💡𝐖𝐡𝐚𝐭 𝐲𝐨𝐮’𝐥𝐥 𝐥𝐞𝐚𝐫𝐧: - Why proactive practices are essential  - How to get your team to take action - Creative rewards that work - Metrics to win leadership support Join us on October 23rd! 🔗https://lnkd.in/gxgR5K_M #LeanAppSec #AppSec #SecurityCulture

🎊 It's time to celebrate everyone who joined the team in the past month! 🎊 Join us in welcoming our new EWoks! 👏🏼 🌟 Abhay Y N, Manager - FP&A & Accounting 🌟 Shijo Antony, Engineering 🌟 Alex Scott, Talent Acquisition Partner 🌟 Julien Sobrier, Principal Product Manager 🌟 Meenakshi S L, Security Engineer 🌟 David Tillery, Member of Technical Staff #AppSec #hiring #securityjobs

While talking about software supply chains, we often focus on the end product—the software artifacts we create and deploy. But what about the underlying CI/CD pipelines and tools that make it all happen?  These are just as critical to securing your software development process. In our latest blog, we break down: 👉 What CI/CD security is 👉 Why it matters 👉 The tools that can help you protect your pipelines from threats 🔗 https://lnkd.in/gU7W4tDW #CICD #AppSec #SDLC

How do you execute well on application security basics when you have small teams, little funding and an environment where everyone is freaking out about the threat-du-jour? You drill down on the basics and do them exceptionally well! October 23rd, LeanAppSec Live will take you Back to the Basics of Application Security. Join us for a full day of expert-led sessions and ample opportunities to connect with fellow professionals. Whether you’re just starting out or have years of experience, you’ll walk away with actionable tips to enhance your AppSec program. Register below 👇

In this tutorial, we show you how to use Endor Labs Open Source to generate #SBOMs (Software Bills of Material) and #VEX (Vulnerability Exploitability Exchange) documents—all in one place. 🛠️ Here’s why you should watch it 🔍 SBOMs give you a complete view of risks across your code and pipelines while satisfying stakeholder and compliance requirements. 🛡️ VEX documents add even more value by annotating vulnerabilities within your SBOMs. ✨ The best part? You can automate SBOM creation across different versions and languages using the same tool that handles your software composition analysis (SCA). No extra plugins, no extra hassle! Check out the tutorial and see how easy it is with Endor Labs! 🚀 🔗 https://lnkd.in/gG2MGWjh #SBOM #VEX #DevSecOps #opensource #SCA