Endor Labs stories

A malicious commit in the tj-actions/changed-files GitHub Action, used in over 23,000 repositories, threatens software security across numerous CI pipelines.

The Open-Source AI Foundation has launched to promote transparency in AI systems for government agencies, coinciding with DeepSeek's commitment to open source its AI models.

GitHub has partnered with Endor Labs, integrating advanced security software to help developers swiftly identify and manage critical vulnerabilities within the platform.

Endor Labs has unveiled Opengrep, a new venture dedicated to maintaining the open-source integrity of static code analysis tools in application security.

Endor Labs has launched AI Model Discovery, a feature helping businesses identify and manage open source AI models, enhancing application security.

Chris Hughes predicts that open source software adoption will grow in 2025, alongside sophisticated attacks and challenges in governance and security.

Microsoft has integrated Endor Labs' Software Composition Analysis into Defender for Cloud, enabling unified security from code development to runtime.

Endor Labs launches Endor Scores for AI Models, enabling developers to evaluate the security and quality of open source AI models on Hugging Face.

Endor Labs has appointed Karl Mattson, a 25-year cybersecurity veteran, as its first Chief Information Security Officer to bolster software supply chain security.

Endor Labs' 2024 Dependency Management Report reveals that 75% of security patches risk breaking software, complicating open source vulnerability management.

Endor Labs unveiled Upgrade Impact Analysis and Endor Magic Patches at Black Hat, offering new tools to tackle OSS security risks and accelerate vulnerability remediation.

Endor Labs secures strategic investment from Citi Ventures, boosting its mission to protect software supply chains for major financial institutions.

Endor Labs reveals major security flaws in CocoaPods, threatening apps like Instagram and Uber. Critical CVEs could impact Swift and Objective-C supply chains.

A new cybersecurity report reveals that 52% of critical open-source projects rely on memory-unsafe programming languages, posing significant security risks.

Endor Labs warns of anticipated security challenges in artificial intelligence, supply chains, and open source domains for 2024.

Endor Labs exposes the dangers of unchecked open source software reuse in application development, with 95% of vulnerabilities found in indirect dependencies.