Company Research Report: Endor Labs
Company Overview
Name
Endor Labs
Mission Statement
"Developing secure software shouldn't be rocket science. Our mission is to deliver the impossible - create secure software supply chains that actually make developers more productive, rather than drowning in useless alerts."
Founded
- Year: 2021
- Founders: Varun Badhwar and Dimitri Stiliadis
Key People
- CEO and Co-Founder: Varun Badhwar
- CTO and Co-Founder: Dimitri Stiliadis
- CISO: Karl Mattson
- Chief Researcher: Georgios Gousios
- VP, Engineering: Damien Michau
- Managing Director and R&D Head India: Sriram Subramanian
- VP, Marketing: Ron Harnik
- VP, Sales: Nic LaBuz
- VP, Customer Solutions: Tom Gleason
- VP, Business Development: Andrew Davidson
- VP, Finance: Michael McClain
Headquarters
Palo Alto, California, USA
Number of Employees
Over 55 employees
Revenue
No information is available
Notable Aspects
Endor Labs is known for its advanced solutions in software supply chain security, particularly its Code Governance Platform, which helps prioritize risks in open source software, secure CI/CD pipelines, and meet compliance objectives such as SBOMs (Software Bill of Materials).
Products
Overview
Endor Labs offers a variety of products, all focused on enhancing software security and developer productivity by managing the software supply chain.
Key Products and Descriptions
Endor Open Source
- Description: Automates OSS selection and approval, identifies applicable risks, reduces SCA noise by 92%, and remediates issues faster.
- Key Features:
  - Identify dependencies and risks
  - Reduce alert noise by 92%
  - Remediate without breaking changes
Endor CI/CD
- Description: Provides visibility into the tools and GitHub Actions used in CI pipelines, understanding security coverage and risks, and finding policy violations.
- Key Features:
  - Pipeline and workflows discovery
  - Repository security posture management
  - Build integrity verification
Endor SBOM Hub
- Description: A central hub for managing first and third-party SBOMs with continuous risk monitoring.
- Key Features:
  - One hub for all SBOMs
  - Automated SBOM ingestion
  - Continuous risk monitoring
Compliance and SBOM
- Description: Ensures compliance across the SDLC by detecting legal and licensing risks, and centrally creating, managing, and analyzing SBOM & VEX.
- Key Features:
  - One-click SBOM & VEX
  - Detect legal & license risk
  - Prioritize for FedRAMP & PCI
Secret Detection
- Description: Identifies and removes sensitive information before code is committed, without leaving the IDE.
- Key Features:
  - Stop leaks at the source
  - Reduce false positives
  - Customizable rules
SCA with Reachability
- Description: Determines which vulnerabilities in OSS packages are actually reachable and therefore pose a significant risk.
- Key Features:
  - Identify dependencies
  - See what’s actually reachable
  - Prioritize by danger
Recent Developments
New Products and Features
Introduction of Upgrades & Remediation
- Description: Helps developers navigate the process of fixing vulnerabilities without incurring breaking changes, prioritizing fixes by effort and impact.
- Key Features:
  - Upgrade impact analysis
  - "Endor Magic Patches" for instances where immediate upgrades aren't feasible
AI-Assisted OSS Selection
- Description: Leverages the power of ChatGPT for open-source risk management, helping developers select safer OSS packages based on compliance, security, and licensing needs.
- Key Features:
  - Research OSS packages with natural language queries
  - Get risk scores and detailed insights
Partnership with Microsoft
- Announcement Date: August 21, 2024
- Details: Endor Labs announced a partnership with Microsoft to enhance software supply chain security.
Achievements and Recognitions
Gartner Cool Vendor Recognition
- Date: July 12, 2023
- Details: Recognized by Gartner as a Cool Vendor in Platform Engineering for scaling application security practices.
Intellyx Digital Innovator Award
- Date: May 23, 2023
- Details: Recognized by Intellyx for making significant advancements in application security.
Funding
- Series A Funding: Raised $70 million in Series A funding as of August 3, 2023.
New Key Hires
- Karl Mattson: Joined as Chief Information Security Officer on September 24, 2024.
Conclusion
Endor Labs continues to innovate in the field of application security, focusing on reducing the cognitive load on developers by prioritizing the most critical vulnerabilities and providing straightforward remediation paths. With significant backing from investors and recognition from industry analysts, the company is positioned to further impact how organizations manage and secure their software supply chains.