An Intellyx Brain Candy Update
Since we last covered Endor Labs in August 2024, the company has implemented agentic AI to dramatically improve its static application security testing (SAST) and software composition analysis (SCA) capabilities.
SAST and SCA both review source code: SAST looks for security vulnerabilities, while SCA looks for the presence and associated risks of open-source software. Traditionally, both approaches suffer from false positives, generating numerous alerts that bog down security and development teams.
Endor Labs reduces the noise from such tools by leveraging AI agents to analyze differences in software as developers make changes to the codebase, either by hand or via AI-generated code.
The Developer Agent identifies changes and their intention; the Detection and Architect Agents review code for design and logic flaws within the context of the software architecture; and the AppSec Agent determines how such changes impact the security posture by identifying vulnerabilities.
These agents (and others) are able to identify flaws in software patterns (as all SAST tools do) as well as logic and policy flaws. Endor leverages this multi-agent static analysis to reduce false positives while detecting even the most complex of software-based risks.
In addition, Endor’s SCA leverages AI agents and Endor’s ability to identify all dependencies within a codebase to provide function-level reachability, enabling developers to prioritize and fix vulnerabilities in open-source code.
Copyright © Intellyx BV. None of the vendors mentioned in this article is an Intellyx customer. No AI was used to produce this article.


