Web Analytics

3 Latest Announced Rounds

  • $2,500,000
    Unknown
    Services for Renewable Energy
    Nov 22nd, 2024
  • $370,000,000
    Series C
    Hospitality
    Nov 22nd, 2024
  • $45,000,000
    Series C
    Renewable Energy Semiconductor Manufacturing
    Nov 22nd, 2024
$2,059.84M Raised in 79 Funding Rounds in the past 7 Days - View All

Funding Round Profile

Endor Labs

start up
United States - Palo Alto, California
  • 04/08/2023
  • Series A
  • $70,000,000

80% of code in modern applications is code your developers didn’t write, but “borrowed” from the internet. With over 3M Open Source Software (OSS) projects, 43M versions, and 3.1T downloads yearly, development teams can gain tremendous benefits from leveraging the OSS ecosystem, as long as organizations invest in the tooling to address the security, scalability and sustainability challenges that come with it.

At Endor Labs, we've created the first open source dependency lifecycle management platform to help OSS consumers select, secure and maintain dependencies effectively.


Related People

Varun BadhwarFounder

Varun Badhwar United States - Palo Alto, California

“Our latest scan found 39,205 CVEs,” your head of AppSec says.

“Where do we even start?” asks your engineering lead.

Your anxiety rises as you think about the endless meetings, arguments, and email exchanges that will inevitably follow.

But open source security problems aren’t going away any time soon. Did you know only 12% of the open source code your developers import is actually used in your applications?

So what you need to do, and badly, is prioritize these findings. Software composition analysis (SCA) tools generate a ton of noise. And they require expertise and time - which are both expensive - to interpret their output.

To protect your company without shutting down your business operations, you need a strategy:

1. Find the signal in the noise. At most 10% of vulnerabilities in open source libraries are exploitable in any given app, but security scanners are deafeningly loud. Understanding the interaction between first-party (your proprietary) and third-party (open source) code is key to determining whether an attacker can exploit a bug.

2. Identify the top risks. Incidents like the log4shell disclosure have shown how bad a single vulnerability can be. Even worse, there are huge amounts of malicious code in circulation. Identifying and mitigating the most pressing issues will help you stay out of the headlines and get back to business.

3. Trim your dependency trees, safely. Technical debt is a fact of life and accumulates steadily. Removing old libraries from your code can reduce your attack surface. But it can also crash your application. Having a comprehensive call graph, though, can show you where you can apply the scalpel for maximum effect. You can’t hack code that doesn’t exist, so identifying and cutting the fat is an important step.

We launched Endor Labs to help enterprises automate this type of detailed analysis so they can mitigate open source security and operational risks.

I launched Endor Labs to help enterprises automate this type of detailed analysis so they can mitigate open source security and operational risks.

After building RedLock from scratch, selling it to Palo Alto Networks within 3 years from inception, and then creating the Prisma Cloud product from 0 to a $300M ARR business in 3 years, I know exactly how to tackle these types of problems.

Want to learn more about how we can help?

Head to https://www.endorlabs.com/