Endor Laboratories, a software management platform that helps developers manage software code dependencies, is launching today out of stealth mode with 25 million dollars in seed funding to help enterprise developers secure open source software supply chains.
Code is fundamental to security. Often, when a headline mentions an exploit or vulnerability, it's a problem that stems from code that a hacker or bot took advantage of to gain access to an internal system.
Not all vulnerabilities are caused by a developer adding a bug in a new piece of code. They can also exist in an open source library that the application depends on for cryptography, networking, or some other seemingly mundane need in its supply chain. These libraries are called “dependencies”, they can span multiple layers, and finding or mitigating vulnerabilities can be difficult and complex.
This is where Endor Labs' just-launched Dependency Lifecycle Management platform is designed to make life easier for developers. It performs in-depth analyses of each dependency to help developers monitor and maintain code dependencies at scale and make better decisions.
“Our mission at Endor Labs is to help developers spend less time dealing with security issues and more time accelerating their development through secure code reuse,” Endor CEO Varun Badhwar said in the announcement. “With Endor Labs, development and security teams are able to maximize software reuse by safely assessing, maintaining, and updating dependencies at scale.”
According to Endor, the average company has over 40,000 open source dependencies and each of these brings an average of 77 more, creating a massive proliferation of open source projects to track. This slows down project management because each of these libraries and projects must be reviewed for risks, updated, and scanned for vulnerabilities.
With a complete understanding of the dependency graph, enterprise development teams can respond quickly to incidents such as Log4j, and can avoid them before they happen by being able to update dependencies quickly. “Endor Labs achieves this by going beyond traditional methods of analyzing metadata and vulnerabilities, and using program analysis and call graphs to gain a deep understanding of how dependencies are used in an organization,” Badhwar said.
Lightspeed Venture Partners and Dell Technologies Capital participated in the round with more than 30 notable individual business investors, including Palo Alto Networks Inc. CEO Nikesh Arora, Zscaler Inc. CEO Jay Chaudhry, COO of Zoom Video Communications Inc. Aparna Bawa and former Atlassian Corp. plc Chief Technology Officer Sri Viswanathan.
“Endor Labs fills a critical need – as open source software development continues to grow, the way OSS dependencies and their influence on supply chain risk are managed today is hampering development and frustrating developers, engineering and security teams,” said Arif Janmohamed, partner at Lightspeed Venture Partners.
Over the past year, Endor has begun working with over 75 large organizations with between 200 and 35,000 employees to bring its platform into private beta and provide feedback. Now that the company has launched publicly, it is inviting more people to join the beta by heading to the Endor Laboratories website.