Endor Labs, a leader in software supply chain security,
announced a strategic investment from Citi Ventures. In a further
validation of Endor Labs’ unique approach to securing the software
supply chain, this comes less than a year after the company
received $70M in oversubscribed Series A financing from Lightspeed
Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section
32 and more than 30 industry-leading CEOs, CISOs and CTOs.
Endor Labs was founded in 2022 by industry veterans and serial
entrepreneurs Varun Badhwar and Dimitri Stiliadis to solve a
massive yet largely neglected market need in application security.
With the goal of shipping products faster, development teams rely
on more and more dependencies as they develop their applications.
These dependencies include Open Source Software (OSS), LLMs,
containers, code repositories and arbitrary tools in CI/CD
pipelines, which can introduce risks that development and security
teams have no visibility into.
Today, application security teams spend countless hours
investigating which risks should be prioritized, while developers
drown in waves of uncontextualized security alerts. Endor Labs
surfaces meaningful, reachable risks across dependencies in the
software development lifecycle, helping teams get the evidence they
need to fix only what matters.
Since its inception, Endor Labs has quickly gained traction with
Fortune 500 enterprises as well as emerging cloud-native companies.
Endor Labs was named a finalist at the 2023 RSA Conference
Innovation Sandbox and 2023 Black Hat Startup Spotlight, a SINET16
Innovator Award Winner, and has been cited several times as one of
the Best Places to Work.
“Financial institutions employ tens of thousands of developers,
and often outpace technology companies with innovation and shipping
new applications,” said Endor Labs CEO and co-founder, Varun
Badhwar. “Software supply chain security is now a board-level
concern for these organizations, because ignoring it or getting it
wrong not only exposes the organization to significant risk, but
costs hundreds of millions in lost developer productivity. Endor
Labs already serves some of the largest financial institutions in
the US, and our work with Citi gives us even better insights into
how to solve problems at this scale.”
Citi Ventures, which has a presence in regions ranging from Palo
Alto to Singapore and Tel Aviv, invests in the category-defining
startups helping revolutionize financial services.
“Citi runs one of the largest software development organizations
in the world,” said Clark Smith, Head of Engineering and
Architecture for CISO & Managing Director at Citi. “At this
scale, lost productivity due to false positive alerts is a
compounding issue. Endor Labs integrates seamlessly into the
developer workflow and helps pinpoint supply chain risks that may
affect our business.”
“Endor Labs represents the next major innovation in application
security,” said Matt Carbonara, Head of Enterprise Tech Investing
at Citi Ventures. “Their platform represents a technological step
change in how vulnerabilities are analyzed. For a long time now,
developers have had to manually analyze vulnerabilities to assess
if they are exercised in production. We believe that the
reachability analysis provided by Endor Labs will be a must-have
technology for enterprises, focusing developers’ efforts on only
the most critical and reachable vulnerabilities and saving them
countless hours. We’re extremely excited to become investors and
partner with Varun and team.”
Meet us at Black Hat August 6 in Las Vegas:
https://www.endorlabs.com/events/black-hat-usa-2024
Try the Endor Labs Software Supply Chain Security Platform free
for 30 days:
Select Better Open Source Software: Select better open
source dependencies with 150+ checks and scoring based on security,
legal, popularity, activity, and quality. Defend against OWASP OSS
Top 10 Risks such as typosquatting, malicious and abandoned
dependencies.
Prioritize Open Source Vulnerabilities (SCA): Cut over 90%
of vulnerability noise with function-level reachability analysis
across both direct and transitive dependencies. Codify highly
customizable policies to provide developers feedback in PR
comments, break builds in CI, or simply notify them via Jira
tickets.
Secure Repositories and CI/CD Pipelines: Gain visibility
into security tool coverage across your CI/CD pipelines and
continuously monitor the security posture of source code
repositories. Detect repo and GitHub Actions misconfigurations,
best practices, and risks with over 50 out-of-the-box policies,
including coverage for CIS best practices for GitHub.
Trust What You Ship with Artifact Signing: Ensure the
authenticity of software artifacts with a single GitHub action.
Artifact signing is a hassle-free alternative to Sigstore that
confirms code provenance and lack of tampering. Cryptographic
artifact signatures are a powerful tool to enable strong admission
control and traceability to support effective security, quality,
and compliance programs.
Ensure Compliance Across the SDLC: Detect legal and
licensing risk, and centrally create, manage, and analyze SBOM
& VEX. Prioritize applicable vulnerabilities for PCI-DSS and
FedRAMP and accelerate compliance with CIS, NIST, SSDF, SLSA, EO
14028, and more.
About Endor Labs
The pace and complexity of software development is rapidly
intensifying. Developers are trying to keep up by maximizing reuse
of code (internally developed as well as open source), adopting
microservices architectures, and relying on a vast array of third
party tools and services to automate bits and pieces of the CI-CD
process. However, this can quickly sprawl and become untenable,
only causing more headaches for development and security teams in
the long term. Our mission is to deliver the impossible - create
secure software supply chains that actually make developers more
productive, rather than drowning in useless alerts. For more
information, visit https://www.endorlabs.com.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240715243972/en/
CONTOS DUNNE COMMUNICATIONS endorlabs@cdc.agency +1 (408) 776
1400 +1 (408) 893 8750