Endor Labs

Jellyfish, the top engineering management platform, made the switch from Snyk to Endor Labs to better handle open source risk identification, prioritization, and prediction. It's been awesome working with the Jellyfish team on this. Huge shoutout to James Kirk, Head of Security and Privacy at Jellyfish and Josiah Bruner, Sr Security Engineer at Jellyfish for sharing their experience with Endor Labs! Dive into the full story here: https://lnkd.in/g9MbdYwt #AppSec #SCA #Security

A huge thanks to the San Francisco Chapter of Cloud Security Alliance (CSA) and Endor Labs in Palo Alto, especially Brent Ichien and Jamie S., for hosting and inviting me to speak on the security essentials for generative AI. Also thanks to Kim Lennan and SANS Institute for sponsoring the post-event social! The meeting was chock-full of great security professionals from the Bay Area, and the ensuing conversations at the social afterward were fantastic. It's always inspiring to connect with such a dedicated and knowledgeable community. Thank you all for a wonderful event!

No surprises here, but Dan deBeaubien and Jamie S. crushed it last evening at the Cloud Security Alliance SF chapter in-person meetup! 🎉 Shoutout to everyone who participated and made the session so lively.

Do you use GitHub? Join Leonardo Quimbaya, Principal Field Security Specialist, Code Scanning at GitHub and Matt Brown, Solutions Architect at Endor Labs tomorrow at 10 a.m. PT as they dive into how dev teams can set up efficient, automated processes to deliver software and cut down 80% of the security noise that wastes devs' time. Register here: https://lnkd.in/e7NxSWgd

SCA tools produce a lot of noise. When there’s too much SCA noise, devs stop trusting the tool (𝘢𝘯𝘥 𝘵𝘩𝘦 𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘵𝘦𝘢𝘮), and issues don’t get fixed. So, what should you look for in an SCA tool that helps you earn your devs' trust? 𝐏𝐫𝐨 𝐭𝐢𝐩: Ask your SCA vendor how their reachability analysis works. Find a tool that can identify which parts of a package are vulnerable and if they affect your code. Plus, it should offer other contextual filtering, like whether the dependency is in production, if there’s a fix available, and how exploitable the vulnerability is. More questions to ask your software composition analysis vendor here: https://hubs.ly/Q02HkQtX0 #SCA #OWASP #OSS #AppSec

Will we see you this evening? Join us at our Palo Alto HQ today at 5:30 p.m. for the in person Cloud Security Alliance - SF chapter meet-up. Register here: https://lnkd.in/gE3wE2wr Jamie S. | Dan deBeaubien | Brent Ichien

𝐖𝐡𝐚𝐭 𝐢𝐬 𝐚 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐩𝐢𝐩𝐞𝐥𝐢𝐧𝐞? 👉 In simple words, It is the tactic for improving your security processes. It's all about creating a repeatable pattern that helps you boost your security maturity over time. While small scale agile organizations can do without security pipelines, larger organizations who have to consider compliance can largely benefit from them. Here’s what Kayra Otaner, Director of DevSecOps at Roche has to say about the importance of security pipelines for larger DevSecOps teams. More from this discussion in our on-demand webinar: https://hubs.ly/Q02HkDt50 #AppSec #DevSecOps #securitypipeline

When chatting with prospective SCA vendors, be sure to ask: What languages does the SCA tool support? Limiting support to just a few languages can leave some big gaps. Make sure the tool covers both current and emerging languages. And if they don’t support your critical languages, find out their roadmap and process for adding new languages. 𝐏𝐫𝐨 𝐓𝐢𝐩: Ask if they support up-and-coming languages like Rust. If they do, it's a great sign that the vendor is proactive and committed to staying ahead of the curve. 𝐁𝐨𝐧𝐮𝐬 𝐪𝐮𝐞𝐬𝐭𝐢𝐨𝐧: Does the tool support reachability for my languages? ** Language support for an SCA tool doesn’t guarantee reachability analysis for that language! **

Our partnership with Endor Labs empowers seamless management, prioritization, and remediation of supply chain risks. Here's a breakdown of how we integrate to streamline your software supply chain security... https://lnkd.in/gYrDKU9H #integrationpartners #softwaresupplychain #shipsecurecode

Will you be at #BlackHat this year? Endor Labs will host several exclusive events for executives throughout the week at Black Hat 2024. If you are around that week we’d love for you to join us. Space is limited, so fill out the form below and save your spot! https://hubs.ly/Q02Gt7b_0 #BlackHat24 #LasVegas #AppSec