DEVOPSdigest

Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.

In an environment where the number of Common Vulnerabilities and Exposures (CVEs) has spiked by 500% in just the past decade, the enhanced ease and precision enabled by the partnership will deliver major benefits to organizations.

“While a few supply chain attacks, like last year’s XZ Utils episode, get wide attention, they represent only a fraction of the overall threat landscape,” said Varun Badhwar, co-founder and CEO of Endor Labs. “The greatest risks instead come from unpatched vulnerabilities embedded in lesser-known open source dependencies. Effectively responding to all of those devours developer time and resources. Endor Labs technology makes it significantly easier to identify and prioritize the most serious threats, and developers can now derive those benefits while working within GitHub. We’re proud to enter into this partnership with GitHub, and we look forward to jointly delivering many more technology advances.”

Endor Labs and GitHub bring significant advantages to this partnership. Endor Labs’ SCA technology helps identify and prioritize dependency vulnerabilities by their potential impact, based on factors such as reachability, exploitability and more. For example, Endor Labs checks if the vulnerable function of a given dependency is actually reachable by a given application, or is just sitting in an unused corner of a transitive dependency. Similarly, GitHub Advanced Security (GHAS) – the developer-first application security suite that brings GitHub's world-class security capabilities to public and private repositories – integrates crucial security practices directly into the workflow, offering developers a streamlined way to secure their code. It enables code scanning, secret scanning, AI autofixes, and more.

Now, with Endor Labs SCA integrated into GitHub Advanced Security, development teams can dismiss up to 92% of low-risk dependency security alerts. That allows them to focus on the vulnerabilities that matter most, and the new capabilities they seek to deliver to users.

Just three months earlier, Microsoft – GitHub’s parent company, natively integrated the Endor Labs advanced SCA capabilities within Microsoft Defender for Cloud, a leading Cloud-Native Application Protection Platform (CNAPP) to empower organizations to consolidate their application security and cloud security programs into a single platform, securing cloud workloads and code seamlessly in one place. The partnership now allows organizations to deploy SCA and CNAPP solutions from a unified dashboard, achieving comprehensive security coverage from code to runtime.