Sign up now
Schedule
Want to stay in the loop?
Sign up for our newsletter.
Phantom dependencies are dependencies used by your code that are not declared in the manifest. If you miss them, they can sneak reachable risks into your application, lead to false positives, or inaccurate SBOMs. All very spooky. This article breaks down how phantom dependencies happen, and how to catch them.
Click to read
SINET, an organization with the mission to accelerate Cybersecurity innovation through public-private partnerships, announced today that Endor Labs is one of the winners of its annual SINET16 Innovator Award. Endor Labs and 15 other emerging companies are identified as the most innovative and compelling technologies in their fields to address Cybersecurity threats and vulnerabilities.
Click to read
Exploit Prediction Scoring Systems (EPSS) is a data set that helps you understand the likelihood that a CVE will be exploited. Learn what the EPSS includes and how to use it to prioritize vulnerability remediation.
Click to read
What’s the best of the best when it comes to open source security tools?We’ve previously talked about the OpenSSF Scorecard, which gives developers a high-level snapshot of the security of any given open source project. But in this post, we’ll talk about a related project, the Open Source Security Index (OSSI), which does something slightly different and complementary.
Click to read
As projects grow larger and more complex, developers face challenges in maintaining a clean and efficient development workflow. Fortunately, npm workspaces offer an essential solution to streamline JavaScript development. In this blog post, we will explore the concept of npm/yarn workspaces, its importance, and how Endor Labs works with them.
Click to read
CVSS, KEV, SVCC, EPSS, and reachability analysis are 5 method used to prioritize open source vulnerabilities for remediation. Do you need all 5? Which is the best? It turns out a combination of factors (and a tool that can bring it all together) is the best solution.
Click to read
The State of Dependency Management 2023 reports on the latest research on dependency management and how AI is impacting the application security landscape.
Click to read
Endor Labs is committed to providing cutting-edge solutions that address the challenges faced by platform engineering and DevSecOps teams in meeting application security needs.
Click to read
At Endor Labs, we continue evaluating the use of large language models (LLMs) for all kinds of use-cases related to application security. And we continue to be amazed about high-quality responses … until we’re amused about the next laughably wrong answer.
Click to read
Developers are bombarded with information every day. Constant context switching and information overload are among the biggest barriers to productivity. There are simply too many demands for their attention. One day the sales team will understand. Right?
Click to read
Experiments with GPT-3.5 suggest that LLM-based malware reviews can complement, but not yet substitute human reviews. 1800 binary classifications performed with GPT-3.5 included false-positives and false-negatives.
Click to read
We’re excited to announce our latest partnership with Zinfinity as a strategic partner. Zinfinity is a global provider of technology solutions and services with a focus on Cyber Security, Cloud and Digital Infrastructure.
Click to read
Explore the different types of open source licenses and how they impact the use, modification, and distribution of open source software. From GPL to Apache, MIT and more, learn the key differences between permissive and restrictive licenses and how to choose the right one for your project.
Click to read
Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
Click to read
Join Darren Meyer (Staff Research Engineer, Endor Labs) for a 30-minute webinar to learn how reachability analysis can reduce SCA noise by 80%+. The session will kick off with a technical overview and demo, followed by live Q&A. He'll cover:
Sign up for our newsletter.