UPDATED 12:50 EDT / OCTOBER 10 2022


Endor Labs launches with $25M to secure open-source code dependencies

Endor Labs, a software management platform that helps developers deal with software code dependencies, launched out of stealth mode today with $25 million in seed funding to help enterprise developers secure open-source software supply chains.

Code is fundamental to security. Often when a headline comes out about an exploit or a vulnerability, the underlying problem is a flaw in code that a hacker or a bot took advantage of to gain access to an internal system.

Not all vulnerabilities are caused by a developer adding a bug in a new piece of code. They can also exist in an open-source library that the app depends on for cryptography, networking or some other seemingly mundane need in its supply chain. These libraries are called “dependencies.” They can go multiple tiers deep, and finding or mitigating the vulnerabilities in them can be difficult and complex.

That’s where Endor Labs’ newly launched Dependency Lifecycle Management Platform comes in. It is designed to make developers’ lives easier by performing deep analytics on every dependency, helping them monitor and maintain code dependencies at large scale and make better decisions.

“Our mission at Endor Labs is to help developers spend less time dealing with security issues and more time accelerating their development through safe code reuse,” Endor Chief Executive Varun Badhwar said in the announcement. “With Endor Labs, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.”

According to Endor, the average enterprise has more than 40,000 open-source dependencies and each of those brings in on average 77 more, creating a massive sprawl of open-source projects to keep track of. That slows down project management because each of these libraries and projects needs to be examined for its risks, updated and scanned for its vulnerabilities.

With a full understanding of the dependency graph, enterprise development teams can respond quickly to incidents such as Log4j, and head them off before they happen, by updating dependencies swiftly. “Endor Labs achieves this by going beyond the traditional methods of metadata and vulnerability scanning, and using program analysis and call graphs to gain a deep understanding of how dependencies are being used across the organization,” said Badhwar.

Lightspeed Venture Partners and Dell Technologies Capital participated in the seed round along with more than 30 notable individual business investors including Palo Alto Networks Inc. CEO Nikesh Arora, Zscaler Inc. CEO Jay Chaudhry, Zoom Video Communications Inc. Chief Operating Officer Aparna Bawa and former Atlassian Corp. plc Chief Technology Officer Sri Viswanathan.

“Endor Labs serves a critical need — while open-source software development continues to grow, the way OSS dependencies and their influence on supply chain risk is managed today hinders development, and leaves both engineering and security teams frustrated,” said Arif Janmohamed, partner at Lightspeed Venture Partners.

Over the past year, Endor began working with over 75 major organizations with between 200 and 35,000 employees to incorporate its platform in private beta and provide feedback. Now that the company is publicly launched, it’s inviting more people to join the beta by coming to the Endor Labs website.
