Endor Labs: Open-Source Supply Chain and Dependency Management

Endor Labs combines the analysis of repository metadata with static code analysis to identify hidden open-source dependencies for both vulnerability management and engineering support.

Software supply chain attacks became the center of attention in cybersecurity circles because of the Log4j vulnerability. As a result, organizations are now justifiably concerned that some open-source component or library buried somewhere in their software stack has an unknown vulnerability.

The problem, however, is deeper than finding this weak needle in the haystack. Endor Labs extends supply chain management to the broader challenge of software dependency management: identifying the complex interdependencies among software libraries, both to manage vulnerabilities and to support engineering efforts.

Software developers need to understand such dependencies in order to make the right decisions about adding, changing, or updating open-source software libraries without breaking anything.
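To make the idea of hidden, transitive dependencies concrete, the following is an added example in Python (it is not Endor Labs' code and does not describe their product's internals). It combines the two signals the write-up mentions: repository metadata (which packages each package declares) and a static-analysis result (which packages the application source actually imports). From those it answers the two questions an engineer needs answered before updating or removing a library: which declared dependencies drag in a flagged package, and by which paths, and which direct dependencies are declared but never used. Every package name, the import list and the "vulnerable" entry are constructed placeholders.

```python
"""Transitive dependency analysis over a constructed dependency graph.

Added example, not Endor Labs code. Package names, versions-free graph
edges, the import set and the vulnerable package are all constructed
placeholders chosen to mirror a Log4j-style situation: a logging library
pulled in indirectly through more than one path.
"""
from collections import deque

# Constructed repository metadata: package -> packages it declares as dependencies.
# Shaped like a resolved lockfile, but none of these are real packages.
DEPENDENCY_METADATA = {
    "app": ["web-framework", "logging-shim", "report-tool"],
    "web-framework": ["http-core", "template-engine"],
    "template-engine": ["logging-shim"],
    "logging-shim": ["example-logger"],   # placeholder for a flagged logging library
    "report-tool": ["pdf-render"],
    "http-core": [],
    "example-logger": [],
    "pdf-render": [],
}

# Constructed static-analysis result: packages the application source really imports.
IMPORTED_BY_SOURCE = {"web-framework", "logging-shim"}

# Constructed advisory list: packages flagged as vulnerable (placeholder name only).
VULNERABLE_PACKAGES = {"example-logger"}


def transitive_dependencies(root, metadata):
    """Return every package reachable from root (root itself excluded), via BFS."""
    seen = set()
    queue = deque(metadata.get(root, []))
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(metadata.get(pkg, []))
    return seen


def dependency_paths(root, target, metadata):
    """Return all acyclic paths from root to target as lists of package names."""
    paths = []

    def walk(pkg, path):
        if pkg == target:
            paths.append(path)
            return
        for child in metadata.get(pkg, []):
            if child not in path:          # skip cycles in the graph
                walk(child, path + [child])

    walk(root, [root])
    return paths


def vulnerable_reach(root, metadata, vulnerable):
    """Map each flagged package reachable from root to the paths that introduce it.

    Multiple paths matter in practice: removing one direct dependency does not
    help if another one still pulls the flagged package in.
    """
    reachable = transitive_dependencies(root, metadata)
    return {
        pkg: dependency_paths(root, pkg, metadata)
        for pkg in sorted(reachable & vulnerable)
    }


def unused_direct_dependencies(root, metadata, imported):
    """Direct dependencies declared in metadata that the source never imports."""
    return sorted(set(metadata.get(root, [])) - imported)


if __name__ == "__main__":
    for pkg, paths in vulnerable_reach("app", DEPENDENCY_METADATA, VULNERABLE_PACKAGES).items():
        print(f"{pkg} is reachable via:")
        for path in paths:
            print("  " + " -> ".join(path))
    print("declared but never imported:",
          unused_direct_dependencies("app", DEPENDENCY_METADATA, IMPORTED_BY_SOURCE))
```

Run stand-alone, the script reports that the flagged package reaches the application by two routes (directly through `logging-shim`, and again through `web-framework` via `template-engine`), so dropping the direct `logging-shim` dependency alone would not remove it; it also reports `report-tool` as declared but never imported, the kind of bloat the write-up refers to.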

Without Endor Labs, engineers lack sufficient visibility to make the update or replace decisions for open-source components, leading to bloated software and persistent vulnerabilities. Endor Labs solves these problems.

Copyright © Intellyx LLC. Intellyx publishes the Cloud-Native Computing poster, advises companies on their digital transformation initiatives, and helps vendors communicate their agility stories. As of the time of writing, none of the organizations mentioned in this article is an Intellyx customer. To be considered for a Brain Candy article, email us at pr@intellyx.com.
