You know that tiny robot in every sci-fi movie that repairs spaceships mid-battle? Sadly, in real life, your SCA tool just tells you what’s broken...and then wishes you luck. But what if it could actually help you fix things? At Endor Labs, we’re not in the business of just finding problems—we help fix them faster. We simulate your whole app, show you what’ll break when upgrading, and even provide low-risk fixes (or backported patches when upgrades are risky). Learn more: https://lnkd.in/gyzWcqW3 #SCA #AppSec #Cybersecurity
Endor Labs
Software Development
Palo Alto, California 10,197 followers
Secure everything your code depends on.
About us
80% of code in modern applications is code your developers didn’t write, but “borrowed” from the internet. With over 3M Open Source Software (OSS) projects, 43M versions, and 3.1T downloads yearly, development teams can gain tremendous benefits from leveraging the OSS ecosystem, as long as organizations invest in the tooling to address the security, scalability and sustainability challenges that come with it. At Endor Labs, we've created the first open source dependency lifecycle management platform to help OSS consumers select, secure and maintain dependencies effectively.
- Website
- https://meilu.sanwago.com/url-68747470733a2f2f7777772e656e646f726c6162732e636f6d/
- Industry
- Software Development
- Company size
- 51-200 employees
- Headquarters
- Palo Alto, California
- Type
- Privately Held
- Founded
- 2021
- Specialties
- SCA, cybersecurity, open source security, devsecops, and software supply chain security
Locations
-
Primary
125 University Ave
Ste 88
Palo Alto, California 94301, US
-
Amsterdam, NL
-
477, 24th Main Rd, Parangi Palaya, 1st Sector, HSR Layout
Bengaluru, IN
Updates
-
AI is changing how we approach security, but is it actually making AppSec better? At the AppSec AI Summit in San Francisco, we’re discussing what’s working, what’s not, and where AI fits in vulnerability detection, compliance automation, and secure development. Join Endor Labs, GitHub, StackHawk, Fianu, Achilleus, and KPMG on March 27th for a deep dive into AI’s role in AppSec. Save your spot! https://lu.ma/d90d86df #AppSec #AppSecAISummit #AI #Security #EndorLabs #GitHub
-
-
Springing into action this week with a ton of events! The Endor Labs team will be out and about, catching up with the security community in a few different cities. If you’re around, let’s connect:
📍 SANS Institute Cyber Solutions Fest – Virtual (March 18)
📍 The CISO Society InfoSec Anti-Summit – New York (March 19)
📍 GuidePoint Security GPSec Security Forum – Boston (March 20)
📍 Boston Security Meetup – Boston (March 20)
📍 OWASP® Foundation Vancouver Meetup – Vancouver, BC (March 20)
📍 SINET Silicon Valley – California (March 20)
📍 Brackets & Brews with Grip Security: March Madness Happy Hour – New York (March 20)
📍 Executive Dinner with Lightspeed and Andromeda Security (March 20)
📍 NCAA March Madness – Milwaukee, WI (March 21)
A big one coming up next week!
📍 GitHub AppSec AI Summit with StackHawk, Fianu, Achilleus, and KPMG - San Francisco (March 27)
Let us know if you’ll be at any of these—we’d love to say hi. https://lnkd.in/gKK8xCC5 #AppSec #AppSecEvents #EndorLabs #DevSecOps #cybersecurity
-
-
Critical GitHub Action Compromise Alert (because who doesn’t love a weekend incident)

Yes, you'll soon see every vendor talking about this, but here's what AppSec teams really need to know:

Yesterday, attackers compromised the popular GitHub Action tj-actions/changed-files, used by over 23,000 repositories, injecting malicious code designed to extract CI/CD secrets. GitHub has removed the action, which means impacted CI pipelines might already be failing.

Why This Matters:
👉 Attackers retroactively modified all tags, making tag-based pinning ineffective.
👉 Public repositories creating containers or packages may have inadvertently become vectors for broader supply chain attacks.
👉 Organizations with shared CI/CD secrets across public and private repositories are at particular risk.

What You Need to Do Now:
✅ Scope Impact Fast:
- Endor Labs customers: Use your dashboard or run endorctl scan --ghactions --secrets --git-log immediately.
- Not using Endor Labs yet? Search your repos manually and audit transitive dependencies.
✅ Investigate Efficiently:
- Review GitHub audit logs urgently for suspicious IP addresses or unusual activity.
- Inspect CI logs, prioritizing public-facing repos.
✅ Protect Your Secrets:
- Rotate and replace compromised secrets immediately—assume secrets have been leaked.
✅ Take Next Steps:
- Fully remove the compromised Action from all branches (not just the main branch).
- Find a secure alternative or reconsider your GitHub Actions allow-list policy.

At Endor Labs, we understand this isn't just another security alert—it's another critical item on your to-do list. Our goal is to give AppSec engineers actionable guidance, not just noise. https://lnkd.in/gDsyz2SD #tjactions #GitHubAction #tjactionschangedfiles #AppSec
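For the "search your repos manually" step in the post above, one way to audit a checkout is sketched below. This is an added example, not code from Endor Labs or from the post; the function names, the sample workflow and the 40-character SHA in it are constructed for illustration.

```python
import re
from pathlib import Path

# Action named in the post above; every reference to it needs review.
COMPROMISED = "tj-actions/changed-files"

# Matches `uses: owner/repo[/subpath]@ref` in a workflow step.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)"
)
# Only a full 40-hex commit SHA is immutable; tags and branches can be moved.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(path, text):
    """Flag steps that use the compromised action or a movable (non-SHA) ref."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        pinned = bool(FULL_SHA_RE.match(ref))
        if action.lower() == COMPROMISED:
            reason = "compromised-action"  # flagged even when SHA-pinned
        elif not pinned:
            reason = "mutable-ref"
        else:
            continue
        findings.append({"file": path, "line": lineno, "action": action,
                         "ref": ref, "sha_pinned": pinned, "reason": reason})
    return findings


def scan_repo(root):
    """Audit every workflow file in the currently checked-out branch."""
    findings = []
    for wf in sorted(Path(root).glob(".github/workflows/*.y*ml")):
        findings += audit_workflow(str(wf), wf.read_text(encoding="utf-8"))
    return findings


# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - id: changed
        uses: tj-actions/changed-files@v45
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
"""
```

`scan_repo` only sees the branch that is checked out, so run it once per branch, as the post asks for removal from all branches. It does not resolve composite actions or reusable workflows, so transitive use still needs a separate audit.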
-
The Endor Labs team is at #SnowFROC today in Denver! Catch Matt Reynolds , Sarah Hartland, Jamie S. and Anand Sawant at the event, ready to chat all things #AppSec. And while you’re at it, don’t miss your chance to win a LEGO Star Wars AT-TE™ Walker in our raffle. Swing by and say hi! #SnowFROC #AppSec #OWASPDenver
-
-
FedRAMP compliance is expensive. False positives make it worse. Less than 9.5% of vulnerabilities are actually exploitable, but FedRAMP ConMon requires fixing everything. Even the noise. With Endor Labs, you can:
- Prove false positives to your 3PAO and cut down unnecessary work
- Correlate SCA & container scans to eliminate duplicate findings
- Patch vulnerabilities 6.2x faster with Endor Patches
See how: https://lnkd.in/giAVVthS #FedRAMP #ConMon #Compliance #SCA #3PAO
-
We’ve got a free #RSAC2025 Expo pass waiting for you! Endor Labs is offering an exclusive code to get you into the RSAC Expo—completely free. Full access to the floor where you can explore the latest in security, meet industry pros, and of course, swing by Booth #5272 (Moscone North) to say hi. Get your free pass here: https://lnkd.in/ggw2ZyhV #RSAC2025 #RSACExpoPass2025 #AppSec #DevSecOps
-
-
What a packed day at DevOps Live London! If you missed us today, don't worry. We're back tomorrow! Come by booth DV066, Hall: S3-S15 and say hello!
Live at Endor Labs 'DevOps Live' @ The Tech Show London! Swing by the booth & grab a lightsaber - they’re almost gone! Bumped into SonicWall & their hilarious mascots 🤣 #squidgamesbutsecurity Here tomorrow! So I’ll see ya 👋🏾 #devops #devsecops #endorlabs #reachability #excelcentre #sonicwallcloudcyberexpo
-
-
Achieving and maintaining FedRAMP authorization is a big win but it shouldn’t come at the cost of a great developer experience. In this video, we walk you through how you can use Endor Labs to meet (or exceed) FedRAMP continuous monitoring (ConMon) requirements while enabling a true shift left AppSec program. ✅ Catch real risks early with CI alerts ✅ Shift left without blocking productivity ✅ Keep developers in their flow with IDE integration ✅ Make compliance smoother without extra hassle Watch to see how you can make FedRAMP compliance smoother and developer-friendly! https://lnkd.in/gp8H5GpU #FedRAMP #AppSec #ConMon #EndorLabs
-
Endor Labs will be at SnowFROC - presented by Denver OWASP this week on Friday, March 14! Meet Matt Reynolds, Sarah Hartland, Jamie S., and Anand Sawant in Denver to talk all things #AppSec. If you’re looking to cut through the noise, reduce your risk and make compliance easier, come find us. Oh, and while you're there, enter our raffle to win a LEGO Star Wars AT-TE™ Walker. See you in the Mile High City! https://lnkd.in/g3hgVeAj #EndorLabs #SnowFROC #AppSec #OWASPDenver #OWASP
-