Learn

Learn about software supply chain security and Endor Labs.

Featured resources

Blog
Nov 19, 2024

Microsoft Defender for Cloud Natively Integrates with Endor Labs

Blog
Oct 16, 2024

Start Clean With AI: Select Safer LLM Models with Endor Labs

Ebook/Report
Sep 12, 2024

2024 Dependency Management Report

Blog
Aug 7, 2024

Introducing Upgrades & Remediation: Give Developers the Confidence to Fix

SCA
Security
Blog
Dec 3, 2024

Why OVAL Feeds Outperform NVD for Linux Vulnerability Management

SCA
Compliance & SBOM
Security
Blog
Nov 27, 2024

Achieving FedRAMP’s Container Scanning Requirements

Developer Productivity
Open Source
SCA
Blog
Nov 26, 2024

Breaking Changes, Breaking Trust

SCA
Open Source
Compliance & SBOM
Security
Blog
Nov 22, 2024

Reducing FedRAMP Compliance Costs with Endor Labs

SCA
News
Security
Blog
Nov 19, 2024

Microsoft Defender for Cloud Natively Integrates with Endor Labs

AI/ML
Blog
Nov 11, 2024

Hugging Face Model Score Curation at Endor Labs

First Party Code
SCA
Open Source
Security
Blog
Nov 5, 2024

Endor Labs Announces Integrated SAST Offerings

Security
Compliance & SBOM
SCA
Open Source
Blog
Oct 23, 2024

Understanding the Cyber Resilience Act

AI/ML
Open Source
Security
Blog
Oct 16, 2024

Start Clean With AI: Select Safer LLM Models with Endor Labs

Open Source
Blog
Oct 10, 2024

The U.S. Government Prioritizes Open Source Governance and Security

AI/ML
Security
Blog
Oct 8, 2024

Understanding the Basics of Large Language Models (LLMs)

Open Source
SCA
Security
Blog
Oct 2, 2024

Container Layer Analysis: Clarity in Remediation

Developer Productivity
SCA
Blog
Sep 30, 2024

Endor Labs Achieves 92% Reduction in SCA Alerts

Security
SCA
Developer Productivity
Blocking with Confidence: Relativity's Dev[eloper] Experience Journey
Blog
Sep 24, 2024

Blocking with Confidence: Relativity's Dev Experience Journey

Developer Productivity
SCA
Security
Customer Story
Sep 24, 2024

Relativity Blocks Risks with Endor Labs

Open Source
Blog
Sep 24, 2024

Highlights from Our 2024 Dependency Management Webinar

News
Blog
Sep 24, 2024

Karl Mattson Joins Endor Labs as Chief Information Security Officer

Open Source
Blog
Sep 23, 2024

48 most popular open source tools for Python applications, scored

SCA
Compliance & SBOM
Blog
Sep 20, 2024

FedRAMP Requirements for Vulnerability Management and Dependency Upgrades

Developer Productivity
SCA
Security
Blog
Sep 18, 2024

Fix Vulnerabilities Faster with Auto Patching and Endor Patches

Open Source
SCA
News
Security
Blog
Sep 12, 2024

Announcing the 2024 Dependency Management Report

Ebook/Report
Sep 12, 2024

2024 Dependency Management Report

Security
SCA
Developer Productivity
Blog
Sep 9, 2024

Building a DevSecOps Practice at Starburst

SCA
Security
Developer Productivity
Customer Story
Sep 9, 2024

Starburst Gets 98.3% Noise Reduction with Endor Labs

CI/CD
Security
Blog
Sep 5, 2024

What is CI/CD Security and What Tools Do You Need to Do it?

CI/CD
Security
Blog
Sep 3, 2024

PWN Request Threat: A Hidden Danger in GitHub Actions

SCA
Security
Blog
Aug 27, 2024

Address Open Source Risks with Endor Labs

Security
SCA
Blog
Aug 21, 2024

Endor Labs Partners with Microsoft to Strengthen Software Supply Chains

SCA
Developer Productivity
Blog
Aug 21, 2024

Give Devs the Confidence to Fix: Making Remediation Less Painful

Blog
Aug 19, 2024

Prioritize Open Source Risks with Endor Labs

SCA
Security
Blog
Aug 14, 2024

Discover Open Source Risks with Endor Labs

Open Source
SCA
Blog
Aug 9, 2024

48 most popular open source tools for npm applications, scored

CI/CD
Security
Compliance & SBOM
Blog
Aug 8, 2024

Using Artifact Signing to Establish Provenance for SLSA

SCA
Security
Tech
Developer Productivity
Compare Endor Labs and Snyk GitHub Apps.
Blog
Aug 8, 2024

Benchmarking Endor Labs vs. Snyk’s GitHub Apps

SCA
Security
News
Developer Productivity
Blog
Aug 7, 2024

Introducing Upgrades & Remediation: Give Developers the Confidence to Fix

Developer Productivity
SCA
Video
Aug 7, 2024

How to Fix Vulnerabilities Without Breaking Changes

Security
SCA
Static SCA vs. Dynamic SCA: Which is Better and Why
Blog
Aug 1, 2024

Static SCA vs. Dynamic SCA: Which is Better (and Why It's Neither)

Open Source
Blog
Jul 29, 2024

33 Most Popular Open Source Tools for Maven Applications, Scored

Security
SCA
Blog
Jul 24, 2024

Jellyfish’s Data-Driven Security Program

SCA
Security
Customer Story
Jul 24, 2024

Jellyfish Enables Data-Driven AppSec with Endor Labs

Security
Video
Jul 17, 2024

What's a Security Pipeline? - On-Demand Webinar

News
Blog
Jul 15, 2024

Endor Labs Receives Strategic Investment from Citi Ventures

News
Blog
Jul 8, 2024

We made the Inc. Best Workplaces List for 2024!

Security
Open Source
Blog
Jul 3, 2024

New CocoaPods CVEs: Swift and Objective-C Supply Chains Are Fragile

SCA
Security
Blog
Jun 27, 2024

Questions to Ask Your Software Composition Analysis Vendor

Compliance & SBOM
SCA
Video
Jun 18, 2024

Managing Open Source Vulnerabilities for PCI DSS Compliance - On-Demand Webinar

Security
Developer Productivity
SCA
Blog
Jun 18, 2024

Backstage and Endor Labs: AppSec in a Dev’s Dream Workspace

SCA
Open Source
Security
Compliance & SBOM
Blog
Jun 11, 2024

Container Scanning + SCA = Better Together

SCA
Open Source
Security
Blog
Jun 4, 2024

Evaluating and Scoring OSS Packages

News
Blog
Jun 4, 2024

Endor Labs Named to Rising in Cyber by CISOs and Venture Capital Investors

SCA
Compliance & SBOM
Open Source
Security
Blog
May 31, 2024

Demystifying Transitive Dependency Vulnerabilities

CI/CD
Security
Open Source
Blog
May 28, 2024

Surprise! Your GitHub Actions Are Dependencies, Too

News
Blog
May 21, 2024

Endor Labs Partners with GuidePoint Security to Secure The Software Supply Chain

SCA
Security
Blog
May 21, 2024

Protect Mobile Apps with Kotlin and Swift SCA

Compliance & SBOM
SCA
Security
Blog
May 21, 2024

OSS Vulnerabilities and the Digital Operational Resilience Act (DORA)

CI/CD
Compliance & SBOM
SCA
Video
May 15, 2024

Intro to Endor Labs - On-Demand Webinar

SCA
Open Source
Security
OWASP OSS Risk 1: Known Vulnerabilities, by Camila Odlund and Jenn Gile
Blog
May 14, 2024

OWASP OSS Risk 1: Known Vulnerabilities

CI/CD
Security
Low-Code/No Code Artifact Signing by Diamantis Kourkouzelis
Blog
May 7, 2024

Low-Code/No Code Artifact Signing

Compliance & SBOM
Open Source
SCA
An Auditor’s Perspective on Addressing OSS Vulnerabilities for PCI DSS v4 by Jenn Gile
Blog
May 2, 2024

An Auditor’s Perspective on Addressing OSS Vulnerabilities for PCI DSS v4

Security
SCA
CI/CD
Compliance & SBOM
Open Source
Guide to Implementing Software Supply Chain Security, What to Consider When Designing a Program
Ebook/Report
Apr 30, 2024

Guide to Implementing Software Supply Chain Security

CI/CD
Compliance & SBOM
Security
Your Git Repo is a Supply Chain Risk by Darren Meyer
Blog
Apr 30, 2024

Your Git Repo is a Supply Chain Risk

CI/CD
Security
Improve Kubernetes Security with Signed Artifacts and Admission Controllers by David Archer
Blog
Apr 23, 2024

Improve Kubernetes Security with Signed Artifacts and Admission Controllers

Developer Productivity
Open Source
Opinion
Security
Tech
AppSec Goes to Devnexus: Lessons from a Thriving, Modern Java Community by Darren Meyer
Blog
Apr 16, 2024

AppSec Goes to Devnexus: Lessons from a Thriving, Modern Java Community

CI/CD
Security
Compliance & SBOM
Video
Apr 10, 2024

Artifact Signing 101 - On-Demand Webinar

Security
Open Source
Compliance & SBOM
SCA
XZ Backdoor: How to Prepare for the Next One by Jamie Scott
Blog
Apr 3, 2024

XZ Backdoor: How to Prepare for the Next One

Security
Open Source
Opinion
XZ is A Wake Up Call For Software Security: Here's Why by Dimitri Stiliadis
Blog
Apr 1, 2024

XZ is A Wake Up Call For Software Security: Here's Why

Compliance & SBOM
SSDF Compliance and Attestation by Chris Hughes
Blog
Mar 26, 2024

SSDF Compliance and Attestation

CI/CD
Security
You Have a Shadow Pipeline Problem by Darren Meyer
Blog
Mar 19, 2024

You Have a Shadow Pipeline Problem

SCA
Open Source
Security
Blog
Mar 13, 2024

Remediating Vulnerabilities vs. Maintaining Current Dependencies

SCA
Security
Video
Mar 6, 2024

Prioritizing SCA Findings with Reachability Analysis - On-Demand Webinar

CI/CD
Compliance & SBOM
Security
Blog
Mar 5, 2024

Signing Your Artifacts For Security, Quality, and Compliance

Open Source
SCA
Security
Detecting Malicious Packages in Open Source Dependencies by Henrik Plate
Blog
Feb 28, 2024

Detect Malicious Packages Among Your Open Source Dependencies

News
Blog
Feb 20, 2024

Tom Gleason Joins Endor Labs as VP of Customer Solutions

CI/CD
Compliance & SBOM
Security
Blog
Feb 14, 2024

Introducing CI/CD Security with Endor Labs

Security
Open Source
SCA
How to Improve SCA in GitHub Advanced Security
Video
Feb 5, 2024

How to Improve SCA in GitHub Advanced Security - Tutorial

Security
Open Source
SCA
Compliance & SBOM
How to Ingest and Manage SBOMs
Video
Jan 30, 2024

How to Ingest and Manage SBOMs - Tutorial

Customer Story
Jan 29, 2024

VMware Achieves SBOM Compliance for Over 100 Services with Endor Labs

Security
AI/ML
Blog
Jan 25, 2024

AI-Supported Environment Debugging for Endor Labs

Security
Open Source
SCA
Compliance & SBOM
How to Generate SBOM and VEX
Video
Jan 23, 2024

How to Generate SBOM and VEX - Tutorial

Security
AI/ML
Open Source
How to Use AI for Open Source Selection
Video
Jan 9, 2024

How to Use AI for Open Source Selection - Tutorial

Security
SCA
News
Blog
Jan 8, 2024

Introducing a Better Way to SCA for Monorepos and Bazel

SCA
Security
Opinion
Blog
Jan 2, 2024

5 Types of Reachability Analysis (and Which is Right for You)

Security
Tech
Blog
Dec 20, 2023

What’s in a Name? A Look at the Software Identification Ecosystem

Security
Blog
Dec 18, 2023

What You Need to Know About Apache Struts and CVE-2023-50164

Security
SCA
Blog
Dec 12, 2023

Introducing JavaScript Reachability and Phantom Dependency Detection

Security
SCA
Customer Story
Dec 11, 2023

MileIQ Securely Reimagines a Decade Old Product with Endor Labs

Security
Compliance & SBOM
Blog
Dec 8, 2023

How CycloneDX VEX Makes Your SBOM Useful

First Party Code
Security
How to Scan and Prioritize Valid Secrets
Video
Dec 6, 2023

How to Scan and Prioritize Valid Secrets - Tutorial

Security
Compliance & SBOM
Blog
Dec 5, 2023

SBOM Requirements for Medical Devices

Security
Compliance & SBOM
Blog
Nov 30, 2023

CISA and NCSC's Take on Secure AI Development

Security
Open Source
Blog
Nov 16, 2023

Open Source Security 101: How to Evaluate Your Open Source Security Posture

News
Blog
Nov 13, 2023

Endor Labs is a CRN 2023 Stellar Startup!

SCA
Open Source
How to Prioritize Reachable Open Source Software (OSS) Vulnerabilities
Video
Nov 9, 2023

How to Prioritize Reachable Open Source Software (OSS) Vulnerabilities - Tutorial

SCA
AI/ML
Open Source
Solution Brief
Nov 6, 2023

Open Source Security for Python and AI Apps

Security
First Party Code
Blog
Oct 31, 2023

How To Evaluate Secret Detection Tools

Security
SCA
Blog
Oct 20, 2023

Why SCA Tools Can't Agree if Something is a CVE
