Endor Labs, a platform that helps developers manage the open-source dependencies in their software, launched out of stealth today with $25 million in seed funding to help enterprise developers secure their open-source software supply chains.
Code is fundamental to security: when a headline reports an exploit or a vulnerability, the root cause is usually a flaw in code that an attacker, or an automated bot, used to gain access to an internal system.
Not every vulnerability is introduced by a developer writing new code. Many live in an open-source library that the application pulls in for cryptography, networking or some other seemingly mundane need. These libraries are called "dependencies," and because a library brings in its own dependencies, the tree can nest several tiers deep (the indirect ones are transitive dependencies). Finding a vulnerable library somewhere in that tree, and then mitigating it, can be difficult and complex.
This is the problem Endor Labs' newly launched Dependency Lifecycle Management Platform is designed to solve. It performs deep analysis of every dependency and helps developers monitor and maintain dependencies at scale so that they can make better-informed decisions about which to adopt, keep or update.
“Our mission at Endor Labs is to help developers spend less time dealing with security issues and more time accelerating their development through safe code reuse,” Varun Badhwar, chief executive of Endor Labs, said of the announcement. “With Endor Labs, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.”
According to Endor, the average enterprise has more than 40,000 open-source dependencies, and each of those pulls in an average of 77 more, creating a massive sprawl of open-source projects to keep track of. This slows development because each of these libraries and projects needs to be assessed for risk, kept up to date and scanned for vulnerabilities.
With a complete picture of the dependency graph, enterprise development teams can respond quickly to incidents such as the Log4j vulnerability (Log4Shell), because they can locate every project that pulls in the affected library, directly or transitively, and update it swiftly rather than discovering affected projects one at a time.
“Endor Labs achieves this by going beyond the traditional methods of metadata and vulnerability scanning, and using program analysis and call graphs to gain a deep understanding of how dependencies are being used across the organization,” said Badhwar.
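The two approaches Badhwar contrasts, metadata-level dependency scanning and call-graph reachability, can be shown side by side. The following is an added illustration, not Endor Labs' code and not a description of its implementation. All package names, function names and graph edges are constructed for the example: "logger-lib" plays the role of a library with a hypothetical vulnerable function "logger-lib:lookup". A metadata scan flags every application whose transitive dependency tree contains the library; a call-graph check then asks whether any application entry point can actually reach the vulnerable function, which is what lets a team prioritize the fix.

```python
"""Constructed example: dependency-graph reachability versus call-graph reachability.

Every package, function and edge below is made up for illustration; none of this
comes from Endor Labs or from any real ecosystem.
"""
from collections import deque

# Constructed dependency graph: package -> packages it declares as direct dependencies.
DEPENDENCY_GRAPH = {
    "app-a": ["web-framework", "json-lib"],
    "app-b": ["cli-toolkit"],
    "app-c": ["json-lib"],
    "web-framework": ["http-core", "logger-lib"],
    "cli-toolkit": ["logger-lib"],
    "http-core": [],
    "json-lib": [],
    "logger-lib": [],
}

# Constructed call graph: "package:function" -> functions it calls.
# "logger-lib:lookup" is the hypothetical vulnerable sink.
CALL_GRAPH = {
    "app-a:handle_request": ["web-framework:route", "json-lib:parse"],
    "web-framework:route": ["http-core:read", "logger-lib:log"],
    "logger-lib:log": ["logger-lib:lookup"],   # this path reaches the vulnerable sink
    "logger-lib:format": [],
    "app-b:main": ["cli-toolkit:run"],
    "cli-toolkit:run": ["logger-lib:format"],  # uses the library but never reaches lookup
    "app-c:main": ["json-lib:parse"],
    "http-core:read": [],
    "json-lib:parse": [],
    "logger-lib:lookup": [],
}

# One entry point per application (constructed).
ENTRY_POINTS = {
    "app-a": "app-a:handle_request",
    "app-b": "app-b:main",
    "app-c": "app-c:main",
}


def transitive_dependencies(graph, root):
    """Return every package reachable from root, direct and transitive (BFS)."""
    seen, queue = set(), deque([root])
    while queue:
        pkg = queue.popleft()
        for dep in graph.get(pkg, []):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def packages_depending_on(graph, roots, vulnerable_pkg):
    """Metadata-level check: which roots pull in vulnerable_pkg anywhere in their tree."""
    return sorted(r for r in roots if vulnerable_pkg in transitive_dependencies(graph, r))


def reachable_path(call_graph, entry, target):
    """BFS over the call graph; return the call path from entry to target, or None."""
    parent = {entry: None}
    queue = deque([entry])
    while queue:
        fn = queue.popleft()
        if fn == target:
            path = []
            while fn is not None:
                path.append(fn)
                fn = parent[fn]
            return path[::-1]
        for callee in call_graph.get(fn, []):
            if callee not in parent:
                parent[callee] = fn
                queue.append(callee)
    return None


def prioritize(graph, call_graph, entry_points, vulnerable_pkg, vulnerable_fn):
    """Combine both views: flag by metadata, then confirm reachability by call graph.

    Returns {app: {"reachable": bool, "path": list or None}} for every app that
    depends on vulnerable_pkg; apps that do not depend on it are omitted.
    """
    affected = packages_depending_on(graph, list(entry_points), vulnerable_pkg)
    verdicts = {}
    for app in affected:
        path = reachable_path(call_graph, entry_points[app], vulnerable_fn)
        verdicts[app] = {"reachable": path is not None, "path": path}
    return verdicts


if __name__ == "__main__":
    result = prioritize(DEPENDENCY_GRAPH, CALL_GRAPH, ENTRY_POINTS,
                        "logger-lib", "logger-lib:lookup")
    for app, verdict in result.items():
        print(app, verdict)
```

In this constructed data, app-a and app-b both depend on logger-lib, so a metadata scan would flag both, while app-c is untouched. Only app-a has a call path to the vulnerable function; app-b calls the library but never reaches the sink, so it can be scheduled behind app-a. One caveat a practitioner should keep in mind: a static call graph is only as complete as its edges, and reflection, dynamic dispatch, plugin loading or data-driven behaviour (Log4Shell was triggered by the content of a log message, not by an obvious call) can add paths the analysis does not see, so "not reachable" should lower a finding's priority rather than close it.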
Lightspeed Venture Partners and Dell Technologies Capital participated in the seed round, along with more than 30 individual investors including Nikesh Arora, chief executive of Palo Alto Networks; Jay Chaudhary, chief executive of Zscaler; Aparna Bawa, chief operating officer of Zoom; and Sri Viswanathan, former chief technology officer of Atlassian.
“Endor Labs serves a critical need: while open-source software development continues to grow, the way OSS dependencies and their influence on supply chain risk are managed today hinders development, and leaves both engineering and security teams frustrated,” said Arif Janmohamed, partner at Lightspeed Venture Partners.
Over the past year, Endor has worked with more than 75 organizations, ranging from 200 to 35,000 employees, that adopted the platform in a private beta and provided feedback. Now that the company has launched publicly, it is inviting more teams to join the beta through the Endor Labs website.