The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.
Endor Labs announced that Microsoft has natively integrated its advanced SCA capabilities within Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP).
This integration further empowers organizations to consolidate their application security and cloud security programs into a single platform, securing cloud workloads and code seamlessly in one place. Customers can now deploy SCA and CNAPP solutions from a unified dashboard, achieving comprehensive security coverage from code to runtime.
With the native integration, teams can correlate SCA findings with runtime alerts to view code-to-runtime attack paths. This means security teams can now trace exploitable vulnerabilities found in open-source software (OSS) dependencies directly to potential exploit paths in their cloud environments. By connecting the dots between application code and cloud infrastructure, teams can prioritize remediation efforts more effectively, reducing risk across the entire software development lifecycle. Code-to-runtime context also reveals toxic combinations of security issues, for example, a reachable vulnerability in an open-source package that is used on an internet-reachable cloud workload. The native integration allows Defender for Cloud users to see a full attack path, from code committed (e.g. in Microsoft Azure DevOps, GitHub, or GitLab) to runtime workloads deployed on Azure, AWS, or Google Cloud Platform.
Currently in Public Preview, the Endor Labs integration with Microsoft Defender for Cloud brings function-level reachability analysis directly into the Defender for Cloud console. This addresses a critical challenge in application security: although only 9.5% of vulnerabilities are exploitable within a given application context, teams often lack the means to identify which ones are truly critical. Without proper context, they face the dilemma of conducting time-consuming manual research or attempting to fix all vulnerabilities, neither of which is sustainable or efficient. With vulnerability findings often numbering in the hundreds or thousands, teams need a prioritization strategy that supports business requirements or compliance SLAs (such as FedRAMP).
Endor Labs provides a natively integrated software as a service (SaaS) solution for reachability-based SCA. With the Defender for Cloud integration, deploying and configuring SCA becomes a streamlined process. Once deployed, security engineers receive function-level reachability analysis for each vulnerability finding, whether discovered at build or in production, and can see where function-level reachable vulnerabilities are part of running applications. A "reachable" finding indicates that a call path exists from the developer's own code, through OSS dependencies, to the vulnerable library function; a vulnerable function that is present in a dependency but never called from application code is not reachable. With this insight, security engineers can identify genuine threats and prioritize remediation based on the likelihood and severity of exploitation.
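The two ideas above, function-level reachability and the "toxic combination" of a reachable vulnerability on an internet-reachable workload, come down to a graph search plus a scoring rule. The following is an added illustration, not Endor Labs' or Microsoft's code, and it assumes a constructed call graph, invented package and function names, placeholder vulnerability IDs (VULN-A, VULN-B, VULN-C) and made-up workload exposure data. A real tool derives the call graph from the built artifact and the exposure data from the cloud inventory; here both are hard-coded inline so the script runs offline.

```python
"""Toy function-level reachability analysis with code-to-runtime prioritization.

Added example only. The call graph, package names, vulnerability IDs and
workload data below are constructed for illustration; none of it refers to a
real package or a real advisory.
"""
from collections import deque

# Constructed call graph: caller -> callees. Nodes are "package:function".
# "api" and "worker" are the developer's own code; "archivelib" and "loglib"
# stand in for open-source dependencies.
CALL_GRAPH = {
    "api:main": ["api:handle_upload", "api:health"],
    "api:handle_upload": ["archivelib:extract"],
    "api:health": ["loglib:info"],
    "worker:main": ["worker:reindex"],
    "worker:reindex": ["loglib:info", "loglib:lookup"],
    "archivelib:extract": ["archivelib:read_header"],
    "archivelib:read_header": [],
    "archivelib:deflate64": [],   # shipped in the package, never called
    "loglib:info": ["loglib:format"],
    "loglib:format": [],
    "loglib:lookup": [],
}

# Constructed advisory data: vulnerable function -> (placeholder ID, severity).
VULNERABLE_FUNCTIONS = {
    "archivelib:read_header": ("VULN-A", "high"),
    "archivelib:deflate64": ("VULN-B", "critical"),
    "loglib:lookup": ("VULN-C", "critical"),
}

# Constructed runtime context: entry point -> workload it runs on and whether
# that workload is reachable from the internet (the "toxic combination" input).
ENTRY_POINTS = {
    "api:main": {"workload": "upload-api", "internet_exposed": True},
    "worker:main": {"workload": "reindex-worker", "internet_exposed": False},
}


def reachable_from(graph, entry):
    """Breadth-first search from `entry`; returns {node: call path from entry}."""
    paths = {entry: [entry]}
    queue = deque([entry])
    while queue:
        node = queue.popleft()
        for callee in graph.get(node, []):
            if callee not in paths:           # first visit gives the shortest path
                paths[callee] = paths[node] + [callee]
                queue.append(callee)
    return paths


def prioritize(graph, vulns, entry_points):
    """Rank findings: 1 = reachable and internet-exposed, 2 = reachable only,
    3 = vulnerable code present but not reachable from any entry point."""
    reach = {e: reachable_from(graph, e) for e in entry_points}
    findings = []
    for func, (vuln_id, severity) in vulns.items():
        hits = [(e, reach[e][func]) for e in entry_points if func in reach[e]]
        if not hits:
            findings.append({"id": vuln_id, "function": func, "severity": severity,
                             "reachable": False, "exposed": False, "priority": 3,
                             "path": None, "workload": None})
            continue
        # Prefer an exposed entry point when reporting the path, since that is
        # the one an attacker could actually drive.
        exposed = [h for h in hits if entry_points[h[0]]["internet_exposed"]]
        entry, path = exposed[0] if exposed else hits[0]
        findings.append({"id": vuln_id, "function": func, "severity": severity,
                         "reachable": True, "exposed": bool(exposed),
                         "priority": 1 if exposed else 2, "path": path,
                         "workload": entry_points[entry]["workload"]})
    findings.sort(key=lambda f: (f["priority"], f["id"]))
    return findings


if __name__ == "__main__":
    for f in prioritize(CALL_GRAPH, VULNERABLE_FUNCTIONS, ENTRY_POINTS):
        route = " -> ".join(f["path"]) if f["path"] else "no path from application code"
        print(f"P{f['priority']} {f['id']} ({f['severity']}) on {f['workload']}: {route}")
```

On this constructed input the critical-severity VULN-B is deprioritized because nothing in the application ever calls `archivelib:deflate64`, while the merely high-severity VULN-A lands at the top because its call path starts at an internet-exposed entry point. That inversion of the severity-only ordering is the point of combining reachability with runtime context.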
By unifying SCA findings and cloud security findings, and providing new methods of prioritization, the collaboration consolidates tools and reduces noise. Application and Cloud Security teams are now able to achieve end-to-end protection without the productivity tax of implementing, maintaining, and using multiple platforms.
Industry News
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.
Platform9 announced that Private Cloud Director Community Edition is generally available.
Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.
CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.
Mirantis announced the k0rdent Application Catalog – with 19 validated infrastructure and software integrations that empower platform engineers to accelerate the delivery of cloud-native and AI workloads wherever they need to be deployed.
Traefik Labs announced its Kubernetes-native API Management product suite is now available on the Oracle Cloud Marketplace.
webAI and MacStadium announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.