The platform also looks at vulnerability noise reduction. While vulnerability scanners report vulnerabilities, only 20% of those matter to an organization and its usage of the code; the remaining 80% is noise. To figure out whether a particular vulnerability applies to them or not, engineers need to manually review the code. Endor Labs claims that with its new platform this can be done in an automated manner, reducing the vulnerability noise by 80%.

Endor integrates with third party source code repositories

The Dependency Lifecycle Management Platform runs in the cloud as a SaaS offering and connects to the customer’s source code repositories. If an enterprise’s source code repositories are on GitHub Cloud or GitLab Cloud, they are integrated with Endor Labs through an app. If source code is stored on premises, Endor Labs provides the organization with a code analysis tool that runs in its local environment; every time a developer pushes new code, it analyzes that code and gives them feedback. The platform is offered under a subscription-based pricing model and is targeted at organizations with anywhere between 30 and 30,000 developers.

CSOs will also be able to evaluate their risk earlier and determine which of these risks are acceptable for the enterprise. “The platform aims to help the CSOs with an end-to-end visibility to help them understand and catalogue everything the developers are using from the internet,” Badhwar said. On an ongoing basis, when organizations have 1000s of these packages and libraries, it can help CSOs uphold security in a very targeted and actionable way while maintaining a strong partnership with the development team. “With the visibility provided the CSOs can see how they can be a partner to the engineering team and help them not just to find problems but remediate and fix these problems early,” Badhwar said.

Incidents like Log4j have put the use of OSS on the security community's radar. Currently, the only answer the industry has for OSS security is software composition analysis (SCA) tools. “Over 80% of the modern application code is code that developers don’t write but borrow from the internet, making it a massive attack vector,” Badhwar said.
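The vulnerability noise reduction discussed above rests on one question: does the application actually use the vulnerable part of a dependency? The following is an added illustration, not Endor Labs' code or data model, of one common way to automate that check: build a function-level call graph, walk it from the application's entry points, and keep only the SCA findings whose vulnerable function is reachable. The package names, function names, advisory identifiers and call graph are all constructed for the example (the advisory ids are placeholders, not real CVEs), and reachability over a static call graph is this example's assumption about the technique, not a description of how the platform works internally.

```python
from collections import deque
from dataclasses import dataclass

# Constructed example: a small function-level call graph for an application
# that depends on three open-source packages. Edges are "caller -> callees".
# Every name here is hypothetical.
CALL_GRAPH = {
    "app.main": ["app.render", "app.parse_config"],
    "app.render": ["templating.render", "logging.log"],
    "app.parse_config": ["yamlpkg.safe_load"],
    "templating.render": ["templating.escape"],
    "logging.log": ["logging.format"],
    "yamlpkg.safe_load": ["yamlpkg.parse"],
    # Functions that ship with the dependencies but are never called by the app:
    "logging.lookup": ["logging.jndi_resolve"],
    "yamlpkg.load": ["yamlpkg.parse", "yamlpkg.construct_object"],
}


@dataclass(frozen=True)
class Finding:
    advisory: str            # placeholder advisory id, not a real CVE
    package: str
    vulnerable_function: str # the function an advisory names as the weak spot


# Constructed findings in the shape an SCA scanner would report them:
# every vulnerable dependency is flagged, whether or not the app uses it.
FINDINGS = [
    Finding("ADVISORY-0001", "logging", "logging.jndi_resolve"),
    Finding("ADVISORY-0002", "logging", "logging.format"),
    Finding("ADVISORY-0003", "yamlpkg", "yamlpkg.construct_object"),
    Finding("ADVISORY-0004", "templating", "templating.escape"),
    Finding("ADVISORY-0005", "yamlpkg", "yamlpkg.load"),
]


def reachable_functions(graph, entry_points):
    """Breadth-first walk of the call graph from the application's entry points."""
    seen = set(entry_points)
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        for callee in graph.get(fn, ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen


def triage(findings, graph, entry_points):
    """Split scanner findings into those whose vulnerable function the app can
    reach (actionable) and those it cannot (noise for prioritisation purposes)."""
    reachable = reachable_functions(graph, entry_points)
    actionable = [f for f in findings if f.vulnerable_function in reachable]
    noise = [f for f in findings if f.vulnerable_function not in reachable]
    return actionable, noise


def noise_reduction_percent(findings, graph, entry_points):
    """Share of findings that reachability analysis moves out of the review queue."""
    if not findings:
        return 0.0
    _, noise = triage(findings, graph, entry_points)
    return 100.0 * len(noise) / len(findings)


if __name__ == "__main__":
    actionable, noise = triage(FINDINGS, CALL_GRAPH, ["app.main"])
    print("actionable:", [f.advisory for f in actionable])
    print("noise:", [f.advisory for f in noise])
    print(f"noise reduction: {noise_reduction_percent(FINDINGS, CALL_GRAPH, ['app.main']):.0f}%")
```

On the constructed data, two of the five findings are reachable from `app.main` and three are not, so the review queue shrinks by 60%. Two caveats a practitioner would keep in mind: a static call graph misses calls made through reflection, dynamic dispatch or plugin loading, so "unreachable" is a prioritisation signal rather than proof that a finding is harmless, and the reachable set changes with every commit, which is why the analysis has to run on each push rather than once.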