Highlights:

  • The platform of Endor Labs offers security and development teams an unmatched awareness of how dependencies are used throughout an enterprise.
  • Endor Labs assists clients in selecting superior dependencies, securing, monitoring, and maintaining them at scale, and responding rapidly to problems such as Log4j.

Endor Labs stepped out of stealth mode and launched its Dependency Lifecycle Management Platform, which helps development and security teams maximize software reuse by reviewing, managing, and upgrading dependencies securely.

Developers at an organization directly download more than 40,000 open-source dependencies on average. Each of these dependencies can in turn bring in an average of 77 other (transitive) dependencies, resulting in an unmanageable sprawl that slows development and expands the attack surface along numerous dimensions.

The current environment lacks suitable methods to address this issue. Software Composition Analysis (SCA) tools, for instance, lack context regarding how developers actually use dependencies. As a result, they inundate developers with false positives and miss opportunities to encourage better OSS selection, prioritize cleanup, and detect dangerous dependencies.

Varun Badhwar, co-founder and CEO, said, “Eighty percent of the code in modern applications is code your developers didn’t write but depend on through open-source packages. When our founding team was leading the Prisma Cloud engineering group at Palo Alto Networks, we realized the true magnitude of this issue. Having previously created the Cloud Security Posture Management (CSPM) category, this team knows how to take on next-generation threats. Our mission is to enable OSS to live up to its true potential without introducing unnecessary risk. It’s exciting to take a new market approach again, and we believe these solutions will radically enhance application development everywhere.”

The platform of Endor Labs offers security and development teams an unmatched awareness of how dependencies are used throughout an enterprise. In addition, by conducting in-depth analytics on each OSS dependency, Endor Labs identifies potential security and operational concerns beyond known vulnerabilities. Endor Labs assists clients in selecting superior dependencies, securing, monitoring, and maintaining them at scale, and responding rapidly to problems such as Log4j. With a comprehensive grasp of their dependency tree, customers can also generate and evaluate accurate SBOMs and maintain a single source of truth for their complete software inventory.

This lifecycle approach to dependency management makes it easier for an organization to reuse software. The outcome is greater productivity for the development and security teams and a substantial reduction in supply chain risk.

Rachit Lohani, SVP and chief technology officer of Paylocity, said, “Dependency Lifecycle Management is going to be foundational for supply chain and open-source security. With Dependency Lifecycle Management, Endor Labs sets an entirely new standard by which organizations can prioritize and zero in on the most significant security and operational issues that tend to slow down application development.”

Funding

Additionally, the firm announced that it had secured USD 25 million in initial funding from Lightspeed Venture Partners, Dell Technologies Capital, Sierra Ventures, and several industry leaders who appreciate the magnitude of the challenge Endor Labs is addressing. This includes CEOs and executives from Microsoft, Palo Alto Networks, Zoom, Snowflake, Zscaler, Netskope, Rubrik, Databricks, and others.

Arif Janmohamed, Partner at Lightspeed Venture Partners, said, “Endor Labs serves a critical need — while open-source software development continues to grow, the way OSS dependencies and their influence on supply chain risk is managed today hinders development and leaves both engineering and security teams frustrated. They have carved out a massive and underserved market and assembled a world-class team to take on this challenge. These are exactly the qualities we seek to add to our portfolio, and we look forward to a long and productive relationship with Endor Labs.”

Deepak Jeevankumar, managing director at Dell Technologies Capital, said, “This team has a proven track record of being early to identify industry-wide cyber challenges that accompany fundamental big shifts in enterprise technologies. Just as the F500 began migrating to the cloud en masse, Varun co-founded RedLock to build cloud-specific security solutions for them. Now, as the efficiencies of open-source software give way to hard-to-track/manage complexities, Endor Labs is building the platform to secure the code those same businesses depend on. We’re honored with the opportunity to gain back Varun along with Dimitri and the team they’ve built.”

James Governor, the co-founder of RedMonk, said, “Software development organizations are struggling with software dependencies, a major threat vector preventing the development and maintenance of secure software, particularly with today’s need for application velocity. Automated tools are needed to enable teams to work effectively. Endor Labs is designed to automate governance and improve visibility in an era of industrialized software reuse.”

Over 75 significant corporations, ranging from 200 to 35,000 employees, have given feedback that has been incorporated into the product, which is presently in private beta.