CodeSecure and FOSSA announced a strategic partnership and native product integration that enables organizations to eliminate security blindspots associated with both third party and open source code.
Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.
In an environment where the number of Common Vulnerabilities and Exposures (CVEs) has spiked by 500% in just the past decade, the enhanced ease and precision enabled by the partnership will deliver major benefits to organizations.
“While a few supply chain attacks, like last year’s XZ Utils episode, get wide attention, they represent only a fraction of the overall threat landscape,” said Varun Badhwar, co-founder and CEO of Endor Labs. “The greatest risks instead come from unpatched vulnerabilities embedded in lesser-known open source dependencies. Effectively responding to all of those devours developer time and resources. Endor Labs technology makes it significantly easier to identify and prioritize the most serious threats, and developers can now derive those benefits while working within GitHub. We’re proud to enter into this partnership with GitHub, and we look forward to jointly delivering many more technology advances.”
Endor Labs and GitHub bring significant advantages to this partnership. Endor Labs’ SCA technology helps identify and prioritize dependency vulnerabilities by their potential impact, based on factors such as reachability, exploitability and more. For example, Endor Labs checks if the vulnerable function of a given dependency is actually reachable by a given application, or is just sitting in an unused corner of a transitive dependency. Similarly, GitHub Advanced Security (GHAS) – the developer-first application security suite that brings GitHub's world-class security capabilities to public and private repositories – integrates crucial security practices directly into the workflow, offering developers a streamlined way to secure their code. It enables code scanning, secret scanning, AI autofixes, and more.
Now, with Endor Labs SCA integrated into GitHub Advanced Security, development teams can dismiss up to 92% of low-risk dependency security alerts. That allows them to focus on the vulnerabilities that matter most, and the new capabilities they seek to deliver to users.
Just three months earlier, Microsoft, GitHub’s parent company, natively integrated Endor Labs’ advanced SCA capabilities into Microsoft Defender for Cloud, a leading Cloud-Native Application Protection Platform (CNAPP). That integration lets organizations consolidate their application security and cloud security programs into a single platform, securing cloud workloads and code in one place. The partnership now allows organizations to deploy SCA and CNAPP solutions from a unified dashboard, achieving comprehensive security coverage from code to runtime.
Industry News
Bauplan, a Python-first serverless data platform that transforms complex infrastructure processes into a few lines of code over data lakes, announced its launch with $7.5 million in seed funding.
Perforce Software announced the launch of the Kafka Service Bundle, a new offering that provides enterprises with managed open source Apache Kafka at a fraction of the cost of traditional managed providers.
LambdaTest announced the launch of the HyperExecute MCP Server, an enhancement to its AI-native test orchestration platform, HyperExecute.
Cloudflare announced Workers VPC and Workers VPC Private Link, new solutions that enable developers to build secure, global cross-cloud applications on Cloudflare Workers.
Nutrient announced a significant expansion of its cloud-based services, as well as a series of updates to its SDK products, aimed at enhancing the developer experience by allowing developers to build, scale, and innovate with less friction.
Check Point® Software Technologies Ltd. announced that its Infinity Platform has been named the top-ranked AI-powered cyber security platform in the 2025 Miercom Assessment.
Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.
The Live API for Gemini models is now in Preview, enabling developers to start building and testing more robust, scalable applications with significantly higher rate limits.
Backslash Security announced significant adoption of the Backslash App Graph, the industry’s first dynamic digital twin for application code.
SmartBear launched API Hub for Test, a new capability within the company’s API Hub, powered by Swagger.
Akamai Technologies introduced App & API Protector Hybrid.
Veracode has been granted a United States patent for its generative artificial intelligence security tool, Veracode Fix.
Zesty announced that its automated Kubernetes optimization platform, Kompass, now includes full pod scaling capabilities, with the addition of Vertical Pod Autoscaler (VPA) alongside the existing Horizontal Pod Autoscaler (HPA).
Check Point® Software Technologies Ltd. has emerged as a leading player in Attack Surface Management (ASM) with its acquisition of Cyberint, as highlighted in the recent GigaOm Radar report.