Endor Labs

Endor Labs is a software company that specializes in dependency lifecycle management for open source software (OSS). Founded in 2022, the company offers a platform designed to help organizations safely evaluate, maintain, and update dependencies in their software development processes. Endor Labs' technology employs deep program analysis and graph analysis to understand how dependencies are being used within an organization and create indicators of risk. The platform provides tools for measuring security and operational risk, as well as removing unused or unmaintained dependencies. It also helps generate and analyze accurate Software Bills of Materials (SBOMs) to provide a single source of truth for an organization's software inventory.

The company's approach goes beyond traditional Software Composition Analysis (SCA) tools by offering context on how developers are using dependencies. This helps reduce false positives and allows for better prioritization of vulnerabilities. Endor Labs' platform performs deep analytics on each OSS dependency to uncover potential security and operational risks beyond known vulnerabilities. The company reported that even though 71% of typical Java application code comes from open source components, applications use only 12% of imported code. Endor Labs' technology enables organizations to eliminate or de-prioritize up to 60% of remediation work by providing insights into which code is actually reachable throughout an application.

Key customers and partnerships

Endor Labs has engaged with significant customers and prospects during its development phase. Over 75 major organizations provided feedback that was incorporated into the product during its first year. As of October 2022, the company was in private beta with several companies ranging from 200 to 35,000 employees.

In July 2023, Endor Labs announced its integration with Google Cloud, aiming to help organizations secure their software supply chains. This partnership allows customers to use Endor Labs' Dependency lifecycle Management solution on Google Cloud, enabling security and development teams to accelerate development by safely maximizing software reuse.