Endor Labs
@endorlabs.bsky.social
At Endor Labs, we've created the first open source dependency lifecycle management platform to help OSS consumers select, secure and maintain dependencies effectively.
Shai Hulud’s latest wave shows cross-ecosystem spread: an infected posthog-node package was rebundled as a Java archive and pushed to Maven Central via mvnpm.
Version 4.18.1 is removed, and other rebundles appear clean.
Key point: malware is now moving between ecosystems automatically.
Version 4.18.1 is removed, and other rebundles appear clean.
Key point: malware is now moving between ecosystems automatically.
November 26, 2025 at 4:10 PM
Shai Hulud’s latest wave shows cross-ecosystem spread: an infected posthog-node package was rebundled as a Java archive and pushed to Maven Central via mvnpm.
Version 4.18.1 is removed, and other rebundles appear clean.
Key point: malware is now moving between ecosystems automatically.
Version 4.18.1 is removed, and other rebundles appear clean.
Key point: malware is now moving between ecosystems automatically.
Endor Labs’ 2025 State of Dependency Management report is live!
-49% of dependencies imported by AI agents had known vulns.
-34% didn’t exist at all.
-Only 1 in 5 was safe.
www.endorlabs.com/lp/state-of-...
#MCP #AIAgents #DMR2025
-49% of dependencies imported by AI agents had known vulns.
-34% didn’t exist at all.
-Only 1 in 5 was safe.
www.endorlabs.com/lp/state-of-...
#MCP #AIAgents #DMR2025
November 4, 2025 at 2:37 PM
Endor Labs’ 2025 State of Dependency Management report is live!
-49% of dependencies imported by AI agents had known vulns.
-34% didn’t exist at all.
-Only 1 in 5 was safe.
www.endorlabs.com/lp/state-of-...
#MCP #AIAgents #DMR2025
-49% of dependencies imported by AI agents had known vulns.
-34% didn’t exist at all.
-Only 1 in 5 was safe.
www.endorlabs.com/lp/state-of-...
#MCP #AIAgents #DMR2025
AI is changing how software gets built. Today, we’re changing how it gets secured with the expansion of our application security platform and a $93M Series B to accelerate what we’re building.
More here: bit.ly/42DqUmB
#AppSec #SeriesB #EndorLabs #DevSecOps #Cybersecurity
More here: bit.ly/42DqUmB
#AppSec #SeriesB #EndorLabs #DevSecOps #Cybersecurity
April 23, 2025 at 4:11 PM
AI is changing how software gets built. Today, we’re changing how it gets secured with the expansion of our application security platform and a $93M Series B to accelerate what we’re building.
More here: bit.ly/42DqUmB
#AppSec #SeriesB #EndorLabs #DevSecOps #Cybersecurity
More here: bit.ly/42DqUmB
#AppSec #SeriesB #EndorLabs #DevSecOps #Cybersecurity
Developers are moving faster than ever with tools like GitHub Copilot.
The result?
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Next week, we’re announcing a new way for AppSec teams to understand what’s changing and why it matters.
#AppSec #AI #LLM #DevSecOps
The result?
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Next week, we’re announcing a new way for AppSec teams to understand what’s changing and why it matters.
#AppSec #AI #LLM #DevSecOps
April 17, 2025 at 7:50 PM
Developers are moving faster than ever with tools like GitHub Copilot.
The result?
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Next week, we’re announcing a new way for AppSec teams to understand what’s changing and why it matters.
#AppSec #AI #LLM #DevSecOps
The result?
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Next week, we’re announcing a new way for AppSec teams to understand what’s changing and why it matters.
#AppSec #AI #LLM #DevSecOps
Less than 9.5% of vulnerabilities are actually exploitable, but FedRAMP ConMon requires fixing everything.
With Endor Labs, you can:
- Prove false positives to your 3PAO
- Correlate SCA & container scans
- Patch vulnerabilities 6.2x faster with Endor Patches
www.endorlabs.com/landing-page...
With Endor Labs, you can:
- Prove false positives to your 3PAO
- Correlate SCA & container scans
- Patch vulnerabilities 6.2x faster with Endor Patches
www.endorlabs.com/landing-page...
March 15, 2025 at 12:01 AM
Less than 9.5% of vulnerabilities are actually exploitable, but FedRAMP ConMon requires fixing everything.
With Endor Labs, you can:
- Prove false positives to your 3PAO
- Correlate SCA & container scans
- Patch vulnerabilities 6.2x faster with Endor Patches
www.endorlabs.com/landing-page...
With Endor Labs, you can:
- Prove false positives to your 3PAO
- Correlate SCA & container scans
- Patch vulnerabilities 6.2x faster with Endor Patches
www.endorlabs.com/landing-page...
The latest CISO guide from The Hacker News makes it clear - EU AI Act, ISO 42001, and NIST AI RMF all require it.
But inventory is just the start. You also need to enforce AI policies. Endor Labs can help you there.
About CLEAR framework:
thehackernews.com/2025/02/how-...
#AI #AppSec #DevSecOps
But inventory is just the start. You also need to enforce AI policies. Endor Labs can help you there.
About CLEAR framework:
thehackernews.com/2025/02/how-...
#AI #AppSec #DevSecOps
February 18, 2025 at 6:53 PM
The latest CISO guide from The Hacker News makes it clear - EU AI Act, ISO 42001, and NIST AI RMF all require it.
But inventory is just the start. You also need to enforce AI policies. Endor Labs can help you there.
About CLEAR framework:
thehackernews.com/2025/02/how-...
#AI #AppSec #DevSecOps
But inventory is just the start. You also need to enforce AI policies. Endor Labs can help you there.
About CLEAR framework:
thehackernews.com/2025/02/how-...
#AI #AppSec #DevSecOps
Endor Labs ❤️ GitHub
Context switching is a productivity killer. Developers live on GitHub, so #AppSec should too.
With Endor Labs Reachability-based SCA now integrated into GHAS, teams can get best-in-class application security, all in one place.
github.blog/security/fro...
Context switching is a productivity killer. Developers live on GitHub, so #AppSec should too.
With Endor Labs Reachability-based SCA now integrated into GHAS, teams can get best-in-class application security, all in one place.
github.blog/security/fro...
February 10, 2025 at 7:23 PM
Endor Labs ❤️ GitHub
Context switching is a productivity killer. Developers live on GitHub, so #AppSec should too.
With Endor Labs Reachability-based SCA now integrated into GHAS, teams can get best-in-class application security, all in one place.
github.blog/security/fro...
Context switching is a productivity killer. Developers live on GitHub, so #AppSec should too.
With Endor Labs Reachability-based SCA now integrated into GHAS, teams can get best-in-class application security, all in one place.
github.blog/security/fro...
DeepSeek R1 is the latest open source AI model to generate a lot of buzz. Developers are trying it out, and AppSec teams may be wondering about risks.
Endor Labs can give AppSec teams data and tools to make and enforce decisions about acceptable AI risk from DeepSeek R1.
#DeepSeek #AIModels #SCA
Endor Labs can give AppSec teams data and tools to make and enforce decisions about acceptable AI risk from DeepSeek R1.
#DeepSeek #AIModels #SCA
January 29, 2025 at 4:27 PM
On Dec 13, Semgrep's license changes limited access to key security tools and community rules. Enter Opengrep: a fully open source, drop-in replacement backed by 10+ security companies.
Key benefits: no paywalls, community rules accessible, foundation governance, and easy migration!
Key benefits: no paywalls, community rules accessible, foundation governance, and easy migration!
January 23, 2025 at 7:48 PM
On Dec 13, Semgrep's license changes limited access to key security tools and community rules. Enter Opengrep: a fully open source, drop-in replacement backed by 10+ security companies.
Key benefits: no paywalls, community rules accessible, foundation governance, and easy migration!
Key benefits: no paywalls, community rules accessible, foundation governance, and easy migration!
Big news! 🎉 Microsoft has natively integrated our advanced SCA within Defender for Cloud. Our integration is in Public Preview and available to try now!
www.endorlabs.com/learn/micros...
www.endorlabs.com/learn/micros...
November 20, 2024 at 6:18 PM
Big news! 🎉 Microsoft has natively integrated our advanced SCA within Defender for Cloud. Our integration is in Public Preview and available to try now!
www.endorlabs.com/learn/micros...
www.endorlabs.com/learn/micros...