Learn

Learn about software supply chain security and Endor Labs.

Featured resources

Ebook/Report
Sep 12, 2024

2024 Dependency Management Report

Blog
Aug 7, 2024

Introducing Upgrades & Remediation: Give Developers the Confidence to Fix

Blog
Jul 29, 2024

33 Most Popular Open Source Tools for Maven Applications, Scored

Questions to Ask Your Software Composition Analysis Vendor
Blog
Jun 27, 2024

Questions to Ask Your Software Composition Analysis Vendor

Topic
Medium
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Open Source
SCA
Security
Blog
Oct 2, 2024

Container Layer Analysis: Clarity in Remediation

Developer Productivity
SCA
Endor Labs Achieves 92% Reduction in SCA Alerts
Blog
Sep 30, 2024

Endor Labs Achieves 92% Reduction in SCA Alerts

Security
SCA
Developer Productivity
Blocking with Confidence: Relativity's Dev[eloper] Experience Journey
Blog
Sep 24, 2024

Blocking with Confidence: Relativity's Dev Experience Journey

Developer Productivity
SCA
Security
Customer Story
Sep 24, 2024

Relativity Blocks Risks with Endor Labs

Open Source
Highlights from Our 2024 Dependency Management Webinar
Blog
Sep 24, 2024

Highlights from Our 2024 Dependency Management Webinar

News
Karl Mattson Joins Endor Labs as Chief Information Security Officer
Blog
Sep 24, 2024

Karl Mattson Joins Endor Labs as Chief Information Security Officer

Open Source
Blog
Sep 23, 2024

48 most popular open source tools for Python applications, scored

SCA
Compliance & SBOM
FedRAMP Requirements for Vulnerability Management and Dependency Upgrades
Blog
Sep 20, 2024

FedRAMP Requirements for Vulnerability Management and Dependency Upgrades

Developer Productivity
SCA
Security
Fix Vulnerabilities Faster with Auto Patching and Endor Patches
Blog
Sep 18, 2024

Fix Vulnerabilities Faster with Auto Patching and Endor Patches

Open Source
SCA
News
Security
Announcing the 2024 Dependency Management Report
Blog
Sep 12, 2024

Announcing the 2024 Dependency Management Report

No items found.
Ebook/Report
Sep 12, 2024

2024 Dependency Management Report

Security
SCA
Developer Productivity
Building a DevSecOps Practice at Starburst
Blog
Sep 9, 2024

Building a DevSecOps Practice at Starburst

SCA
Security
Developer Productivity
Starburst Gets 98.3% Noise Reduction with Endor Labs
Customer Story
Sep 9, 2024

Starburst Gets 98.3% Noise Reduction with Endor Labs

CI/CD
Security
What is CI/CD Security and What Tools Do You Need to Do it?
Blog
Sep 5, 2024

What is CI/CD Security and What Tools Do You Need to Do it?

CI/CD
Security
Blog
Sep 3, 2024

PWN Request Threat: A Hidden Danger in GitHub Actions

SCA
Security
Blog
Aug 27, 2024

Address Open Source Risks with Endor Labs

Security
SCA
Blog
Aug 21, 2024

Endor Labs Partners with Microsoft to Strengthen Software Supply Chains

SCA
Developer Productivity
Blog
Aug 21, 2024

Give Devs the Confidence to Fix: Making Remediation Less Painful

No items found.
Blog
Aug 19, 2024

Prioritize Open Source Risks with Endor Labs

SCA
Security
Blog
Aug 14, 2024

Discover Open Source Risks with Endor Labs

Open Source
SCA
Blog
Aug 9, 2024

48 most popular open source tools for npm applications, scored

CI/CD
Security
Compliance & SBOM
Blog
Aug 8, 2024

Using Artifact Signing to Establish Provenance for SLSA

SCA
Security
Tech
Developer Productivity
Compare Endor Labs and Snyk GitHub Apps.
Blog
Aug 8, 2024

Benchmarking Endor Labs vs. Snyk’s GitHub Apps

SCA
Security
News
Developer Productivity
Blog
Aug 7, 2024

Introducing Upgrades & Remediation: Give Developers the Confidence to Fix

Developer Productivity
SCA
Video
Aug 7, 2024

How to Fix Vulnerabilities Without Breaking Changes

Security
SCA
Static SCA vs. Dynamic SCA: Which is Better and Why
Blog
Aug 1, 2024

Static SCA vs. Dynamic SCA: Which is Better (and Why It's Neither)

Open Source
Blog
Jul 29, 2024

33 Most Popular Open Source Tools for Maven Applications, Scored

Security
SCA
Blog
Jul 24, 2024

Jellyfish’s Data-Driven Security Program

SCA
Security
Customer Story
Jul 24, 2024

Jellyfish Enables Data-Driven AppSec with Endor Labs

Security
What's a Security Pipeline? - On-Demand Webinar
Video
Jul 17, 2024

What's a Security Pipeline? - On-Demand Webinar

News
Blog
Jul 15, 2024

Endor Labs Receives Strategic Investment from Citi Ventures

News
We made the Inc. Best Workplaces List for 2024!
Blog
Jul 8, 2024

We made the Inc. Best Workplaces List for 2024!

Security
Open Source
Blog
Jul 3, 2024

New CocoaPods CVEs: Swift and Objective-C Supply Chains Are Fragile

SCA
Security
Questions to Ask Your Software Composition Analysis Vendor
Blog
Jun 27, 2024

Questions to Ask Your Software Composition Analysis Vendor

Compliance & SBOM
SCA
Managing Open Source Vulnerabilities for PCI DSS Compliance- On-Demand Webinar
Video
Jun 18, 2024

Managing Open Source Vulnerabilities for PCI DSS Compliance - On-Demand Webinar

Security
Developer Productivity
SCA
Backstage and Endor Labs: AppSec in a Dev’s Dream Workspace
Blog
Jun 18, 2024

Backstage and Endor Labs: AppSec in a Dev’s Dream Workspace

SCA
Open Source
Security
Compliance & SBOM
Container Scanning + SCA = Better Together
Blog
Jun 11, 2024

Container Scanning + SCA = Better Together

SCA
Open Source
Security
Blog
Jun 4, 2024

Evaluating and Scoring OSS Packages

News
Blog
Jun 4, 2024

Endor Labs Named to Rising in Cyber by CISOs and Venture Capital Investors

SCA
Compliance & SBOM
Open Source
Security
Demystifying Transitive Dependency Vulnerabilities
Blog
May 31, 2024

Demystifying Transitive Dependency Vulnerabilities

CI/CD
Security
Open Source
Surprise! Your GitHub Actions Are Dependencies Too
Blog
May 28, 2024

Surprise! Your GitHub Actions Are Dependencies, Too

News
Blog
May 21, 2024

Endor Labs Partners with GuidePoint Security to Secure The Software Supply Chain

SCA
Security
Protect Mobile Apps with Kotlin and Swift SCA
Blog
May 21, 2024

Protect Mobile Apps with Kotlin and Swift SCA

Compliance & SBOM
SCA
Security
OSS Vulnerabilities and the Digital Operational Resilience Act (DORA)
Blog
May 21, 2024

OSS Vulnerabilities and the Digital Operational Resilience Act (DORA)

CI/CD
Compliance & SBOM
SCA
Intro to Endor Labs- On-Demand Webinar
Video
May 15, 2024

Intro to Endor Labs - On-Demand Webinar

SCA
Open Source
Security
 OWASP OSS Risk 1: Known Vulnerabilities, by Camila Odlund and Jenn Gile
Blog
May 14, 2024

OWASP OSS Risk 1: Known Vulnerabilities

CI/CD
Security
Low-Code/No Code Artifact Signing by Diamantis Kourkouzelis
Blog
May 7, 2024

Low-Code/No Code Artifact Signing

Compliance & SBOM
Open Source
SCA
An Auditor’s Perspective on Addressing OSS Vulnerabilities for PCI DSS v4 by Jenn Gile
Blog
May 2, 2024

An Auditor’s Perspective on Addressing OSS Vulnerabilities for PCI DSS v4

Security
SCA
CI/CD
Compliance & SBOM
Open Source
Guide to Implementing Software Supply Chain Security, What to Consider When Designing a Program
Ebook/Report
Apr 30, 2024

Guide to Implementing Software Supply Chain Security

CI/CD
Compliance & SBOM
Security
Your Git Repo is a Supply Chain Risk by Darren Meyer
Blog
Apr 30, 2024

Your Git Repo is a Supply Chain Risk

CI/CD
Security
Improve Kubernetes Security with Signed Artifacts and Admission Controllers by David Archer
Blog
Apr 23, 2024

Improve Kubernetes Security with Signed Artifacts and Admission Controllers

Developer Productivity
Open Source
Opinion
Security
Tech
AppSec Goes to Devnexus: Lessons from a Thriving, Modern Java Community by Darren Meyer
Blog
Apr 16, 2024

AppSec Goes to Devnexus: Lessons from a Thriving, Modern Java Community

CI/CD
Security
Compliance & SBOM
Artifact Signing 101 - On-Demand Webinar
Video
Apr 10, 2024

Artifact Signing 101 - On-Demand Webinar

Security
Open Source
Compliance & SBOM
SCA
XZ Backdoor: How to Prepare for the Next One by Jamie Scott
Blog
Apr 3, 2024

XZ Backdoor: How to Prepare for the Next One

Security
Open Source
Opinion
XZ is A Wake Up Call For Software Security: Here's Why by Dimitri Stiliadis
Blog
Apr 1, 2024

XZ is A Wake Up Call For Software Security: Here's Why

Compliance & SBOM
SSDF Compliance and Attestation by Chris Hughes
Blog
Mar 26, 2024

SSDF Compliance and Attestation

CI/CD
Security
You Have a Shadow Pipeline Problem by Darren Meyer
Blog
Mar 19, 2024

You Have a Shadow Pipeline Problem

SCA
Open Source
Security
Remediating Vulnerabilities vs. Maintaining Current Dependencies
Blog
Mar 13, 2024

Remediating Vulnerabilities vs. Maintaining Current Dependencies

SCA
Security
Prioritizing SCA Findings with Reachability Analysis - On-Demand Webinar
Video
Mar 6, 2024

Prioritizing SCA Findings with Reachability Analysis - On-Demand Webinar

CI/CD
Compliance & SBOM
Security
Signing Your Artifacts For Security, Quality, and Compliance
Blog
Mar 5, 2024

Signing Your Artifacts For Security, Quality, and Compliance

Open Source
SCA
Security
Detecting Malicious Packages in Open Source Dependencies by Henrik Plate
Blog
Feb 28, 2024

Detect Malicious Packages Among Your Open Source Dependencies

News
Tom Gleason Joins Endor Labs as VP of Customer Solutions
Blog
Feb 20, 2024

Tom Gleason Joins Endor Labs as VP of Customer Solutions

CI/CD
Compliance & SBOM
Security
Introducing CI/CD Security with Endor Labs
Blog
Feb 14, 2024

Introducing CI/CD Security with Endor Labs

Security
Open Source
SCA
How to Improve SCA in GitHub Advanced Security
Video
Feb 5, 2024

How to Improve SCA in GitHub Advanced Security - Tutorial

Security
Open Source
SCA
Compliance & SBOM
How to Ingest and Manage SBOMs
Video
Jan 30, 2024

How to Ingest and Manage SBOMs - Tutorial

No items found.
VMware achieves SBOM compliance for over 100 services with Endor Labs
Customer Story
Jan 29, 2024

VMware Achieves SBOM Compliance for Over 100 Services with Endor Labs

Security
AI/ML
AI-Supported Environment Debugging for Endor Labs
Blog
Jan 25, 2024

AI-Supported Environment Debugging for Endor Labs

Security
Open Source
SCA
Compliance & SBOM
How to Generate SBOM and VEX
Video
Jan 23, 2024

How to Generate SBOM and VEX - Tutorial

Security
AI/ML
Open Source
How to Use AI for Open Source Selection
Video
Jan 9, 2024

How to Use AI for Open Source Selection - Tutorial

Security
SCA
News
Introducing a Better Way to SCA for Monorepos and Bazel
Blog
Jan 8, 2024

Introducing a Better Way to SCA for Monorepos and Bazel

SCA
Security
Opinion
5 Types of Reachability Analysis (and Which is Right for You)
Blog
Jan 2, 2024

5 Types of Reachability Analysis (and Which is Right for You)

Security
Tech
What’s in a Name? A Look at the Software Identification Ecosystem
Blog
Dec 20, 2023

What’s in a Name? A Look at the Software Identification Ecosystem

Security
What you need to know about Apache Struts and CVE-2023-50164
Blog
Dec 18, 2023

What You Need to Know About Apache Struts and CVE-2023-50164

Security
SCA
Introducing JavaScript Reachability and Phantom Dependency Detection
Blog
Dec 12, 2023

Introducing JavaScript Reachability and Phantom Dependency Detection

Security
SCA
MileIQ securely reimagines a decade old product with Endor Labs
Customer Story
Dec 11, 2023

MileIQ Securely Reimagines a Decade Old Product with Endor Labs

Security
Compliance & SBOM
How CycloneDX VEX Makes Your SBOM Useful
Blog
Dec 8, 2023

How CycloneDX VEX Makes Your SBOM Useful

Secret Detection
Security
How to Scan and Prioritize Valid Secrets
Video
Dec 6, 2023

How to Scan and Prioritize Valid Secrets - Tutorial

Security
Compliance & SBOM
SBOM Requirements for Medical Devices
Blog
Dec 5, 2023

SBOM Requirements for Medical Devices

Security
Compliance & SBOM
CISA and NCSC's Take on Secure AI Development
Blog
Nov 30, 2023

CISA and NCSC's Take on Secure AI Development

Security
Open Source
Open Source Security 101: How to Evaluate Your Open Source Security Posture
Blog
Nov 16, 2023

Open Source Security 101: How to Evaluate Your Open Source Security Posture

News
Endor Labs is a CRN 2023 Stellar Startup!
Blog
Nov 13, 2023

Endor Labs is a CRN 2023 Stellar Startup!

SCA
Open Source
How to Prioritize Reachable Open Source Software (OSS) Vulnerabilities
Video
Nov 9, 2023

How to Prioritize Reachable Open Source Software (OSS) Vulnerabilities - Tutorial

SCA
AI/ML
Open Source
Open Source Security for Python and AI Apps
Solution Brief
Nov 6, 2023

Open Source Security for Python and AI Apps

Security
Secret Detection
How To Evaluate Secret Detection Tools
Blog
Oct 31, 2023

How To Evaluate Secret Detection Tools

Security
SCA
Why SCA tools can't agree if something is a CVE
Blog
Oct 20, 2023

Why SCA Tools Can't Agree if Something is a CVE

Security
Compliance & SBOM
5 Federal Software Supply Chain Requirements You Should Be Aware Of
Blog
Oct 16, 2023

5 Federal Software Supply Chain Requirements You Should Be Aware Of

Security
SCA
You found vulnerabilities in your dependencies, now what?
Blog
Oct 6, 2023

You Found Vulnerabilities in Your Dependencies, Now What?

SCA
Dependency Resolution in Python: Beware The Phantom Dependency
Blog
Sep 28, 2023

Dependency Resolution in Python: Beware The Phantom Dependency

News
Chris Hughes Joins Endor Labs as Chief Security Advisor
Blog
Sep 26, 2023

Chris Hughes Joins Endor Labs as Chief Security Advisor

Developer Productivity
SCA
Understanding Python Manifest Files: Part 1
Blog
Sep 20, 2023

Understanding Python Manifest Files

SCA
Why Your SCA is Always Wrong
Blog
Sep 12, 2023

Why Your SCA is Always Wrong

Security
Endor Labs Named 2023 SINET16 Innovator Award Winner
Blog
Sep 7, 2023

Endor Labs Named 2023 SINET16 Innovator Award Winner

Security
SCA
Combining the Exploit Prediction Scoring System (EPSS) with reachability analysis to optimize your vulnerability management program
Blog
Sep 6, 2023

Combining EPSS and Reachability Analysis to Optimize Vulnerability Management

Security
SCA
News
Introducing SCA reachability analysis for Python, Go, and C#
Blog
Sep 5, 2023

Introducing Reachability-Based SCA for Python, Go, and C#

SCA
Open Source
Reachability Analysis for Python, Go, C#
Video
Sep 5, 2023

Reachability Analysis for Python, Go, C# - Webinar

Security
Open Source
The Open Source Security Index Top 5
Blog
Aug 29, 2023

The Open Source Security Index Top 5

no-results
Sorry, no results matching your search.

Want to stay in the loop?

Sign up for our newsletter.

Welcome to the resistance
Oops! Something went wrong while submitting the form.