Endor Labs: A magic patch to float the DevSecOps raft out of dependency hell

An Intellyx Brain Candy Update

Since our last briefing with Endor Labs in 2022, the firm has expanded from its open source software supply chain and source code analysis roots to deliver developer-centric vulnerability prioritization and remediation at each pull request, including a new ‘magic patch’ feature that allows builds to move forward safely against dependencies in the CI/CD lifecycle.

Obviously, every enterprise would love to release software with a signed manifest that scans 100% free of vulnerabilities at the code and component level, but insisting on that would fail every build and have developers spending endless cycle time chasing down issues. Every modern software supply chain is awash in code changes and third-party package dependencies that are updated inconsistently.

Endor filters through dependencies and alerts to zero in on the handful of vulnerabilities that might actually be reachable by bad actors or malicious bots, and are therefore the most likely to cause failure conditions. If the issue is fixable, it writes the root cause and remediation instructions directly to the repository so developers can stay in the flow. Alternatively, an upgrade issue can be ‘patched’, which prevents a breaking change from reaching production, while optionally sending a service ticket to the offending publisher.
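To make the prioritization idea above concrete, here is an added illustration of reachability-based vulnerability triage in general. It is not Endor Labs' code and does not reflect how their product is implemented; the package names, call graph and advisory ids are all constructed for the example. An advisory only rises to the top if the installed version is in the affected range and the vulnerable function can be reached from an application entry point through the call graph.

```python
"""Reachability-based vulnerability prioritization (illustrative, added example).

Constructed toy data: a small application whose call graph spans two
hypothetical third-party packages. Each advisory names the package, the
release that fixes it, and the vulnerable function. An advisory is
prioritized only when the vulnerable function is reachable from an
application entry point. Advisory ids are placeholders, not real CVEs.
"""
from collections import deque

# Constructed inventory: package -> installed version (hypothetical packages)
INSTALLED = {
    "yamlkit": "1.4.2",
    "imgtool": "0.9.0",
    "app": "0.0.0",
}

# Constructed call graph: "package:function" -> functions it invokes
CALL_GRAPH = {
    "app:main": ["app:load_config", "app:render_avatar"],
    "app:load_config": ["yamlkit:safe_load"],
    "app:render_avatar": ["imgtool:resize"],
    "yamlkit:safe_load": ["yamlkit:parse"],
    "yamlkit:load": ["yamlkit:parse", "yamlkit:construct_object"],
    "imgtool:resize": ["imgtool:decode"],
    "imgtool:decode": [],
    "yamlkit:parse": [],
    "yamlkit:construct_object": [],
}

ENTRY_POINTS = ["app:main"]

# Constructed advisories (placeholder ids, not real identifiers)
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "package": "yamlkit", "fixed_in": "1.5.0",
     "vulnerable_functions": ["yamlkit:construct_object"]},
    {"id": "ADV-EXAMPLE-2", "package": "imgtool", "fixed_in": "1.0.0",
     "vulnerable_functions": ["imgtool:decode"]},
    {"id": "ADV-EXAMPLE-3", "package": "imgtool", "fixed_in": "0.8.0",
     "vulnerable_functions": ["imgtool:decode"]},  # already fixed in 0.9.0
]


def parse_version(version):
    """Turn a dotted version string into a comparable tuple of ints."""
    return tuple(int(part) for part in version.split("."))


def is_affected(installed_version, fixed_in):
    """True when the installed version predates the release that fixes the issue."""
    return parse_version(installed_version) < parse_version(fixed_in)


def reachable_functions(call_graph, entry_points):
    """Breadth-first walk of the call graph starting from the entry points."""
    seen = set(entry_points)
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        for callee in call_graph.get(fn, []):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen


def prioritize(advisories, installed, call_graph, entry_points):
    """Split advisories into reachable, unreachable and not-affected buckets."""
    reachable = reachable_functions(call_graph, entry_points)
    result = {"reachable": [], "unreachable": [], "not_affected": []}
    for adv in advisories:
        version = installed.get(adv["package"])
        if version is None or not is_affected(version, adv["fixed_in"]):
            result["not_affected"].append(adv["id"])
        elif any(fn in reachable for fn in adv["vulnerable_functions"]):
            result["reachable"].append(adv["id"])
        else:
            result["unreachable"].append(adv["id"])
    return result


if __name__ == "__main__":
    buckets = prioritize(ADVISORIES, INSTALLED, CALL_GRAPH, ENTRY_POINTS)
    for bucket, ids in buckets.items():
        print(f"{bucket}: {ids}")
```

On this data only the advisory whose vulnerable function sits on a path from `app:main` is flagged; the other affected advisory is present in the dependency tree but its dangerous function is never called, and the third is already fixed in the installed version. One caveat worth keeping in mind for any such tool: a static call graph can miss dynamic dispatch, reflection and plugin loading, so an "unreachable" verdict is a reason to deprioritize, not to ignore the advisory indefinitely.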

Most usage of the solution will happen in a developer's CLI or repository, but SecOps managers will appreciate the program health dashboard, which highlights vulnerability risk KPIs as well as alert noise reduction and the time saved for development teams to work on value-added features.


Copyright ©2024 Intellyx B.V. Intellyx is an industry analysis and advisory firm focused on enterprise digital transformation. Covering every angle of enterprise IT from mainframes to artificial intelligence, our broad focus across technologies allows business executives and IT professionals to connect the dots among disruptive trends. At the time of writing, Endor Labs is not an Intellyx customer. No AI was used to write this article. To be considered for a Brain Candy article or event visit, email us at pr@intellyx.com.


Principal Analyst & CMO, Intellyx. Twitter: @bluefug