UPDATED 12:50 EST / OCTOBER 10 2022


Endor Labs launches with $25M to secure open-source code dependencies

Endor Labs, a software management platform that helps developers deal with software code dependencies, launched out of stealth mode today with $25 million in seed funding to help enterprise developers secure open-source software supply chains.

Code is fundamental to security. Often when a headline comes out about an exploit or a vulnerability, the underlying problem is a flaw in code that a hacker or a bot took advantage of to gain access to an internal system.

Not all vulnerabilities are caused by a developer adding a bug in a new piece of code. They can also exist in an open-source library that the app depends on for cryptography, networking or some other seemingly mundane need in its supply chain. These libraries are called “dependencies.” They can go multiple tiers deep, and finding or mitigating the vulnerabilities in them can be difficult and complex.

That’s where Endor Labs’ newly launched Dependency Lifecycle Management Platform comes in: It is designed to make developers’ lives easier. It performs deep analytics on every dependency so that developers can monitor and maintain code dependencies at large scale and make better decisions.

“Our mission at Endor Labs is to help developers spend less time dealing with security issues and more time accelerating their development through safe code reuse,” Endor Chief Executive Varun Badhwar said in the announcement. “With Endor Labs, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.”

According to Endor, the average enterprise has more than 40,000 open-source dependencies and each of those brings in on average 77 more, creating a massive sprawl of open-source projects to keep track of. That slows down project management because each of these libraries and projects needs to be examined for its risks, updated and scanned for its vulnerabilities.

With a full understanding of the dependency graph, enterprise development teams can respond quickly to incidents such as Log4j, and head them off before they happen, by updating dependencies swiftly. “Endor Labs achieves this by going beyond the traditional methods of metadata and vulnerability scanning, and using program analysis and call graphs to gain a deep understanding of how dependencies are being used across the organization,” said Badhwar.

Lightspeed Venture Partners and Dell Technologies Capital participated in the seed round along with more than 30 notable individual business investors including Palo Alto Networks Inc. CEO Nikesh Arora, Zscaler Inc. CEO Jay Chaudhry, Zoom Video Communications Inc. Chief Operating Officer Aparna Bawa and former Atlassian Corp. plc Chief Technology Officer Sri Viswanathan.

“Endor Labs serves a critical need — while open-source software development continues to grow, the way OSS dependencies and their influence on supply chain risk is managed today hinders development, and leaves both engineering and security teams frustrated,” said Arif Janmohamed, partner at Lightspeed Venture Partners.

Over the past year, Endor began working with over 75 major organizations with between 200 and 35,000 employees to incorporate its platform in private beta and provide feedback. Now that the company is publicly launched, it’s inviting more people to join the beta by coming to the Endor Labs website.

