
Endor Labs Partners with Microsoft to Strengthen Software Supply Chains

Announcing Endor Labs on Azure Marketplace, Endor Labs for Azure DevOps, and Endor Labs for GitHub!

Written by Ron Harnik, VP Marketing at Endor Labs
Published on August 21, 2024

Microsoft Azure is the fastest growing public cloud provider, and more than 100 million developers write and maintain code on GitHub. Between these offerings, most of the world’s organizations rely on Microsoft to build, deploy, and protect their software. We’re incredibly excited to announce that Endor Labs has partnered with Microsoft to help customers deliver strong software supply chains.

The Endor Labs team has been working closely with Microsoft to ensure that users of GitHub Advanced Security and Azure DevOps (and GitHub Advanced Security for Azure DevOps) can meet software supply chain security goals without sacrificing developer productivity. And of course, Endor Labs is available on Azure Marketplace!

What is Endor Labs?

Endor Labs secures everything your code depends on throughout the SDLC. We start by creating a more efficient dependency management program with consolidated reachability-based SCA, SAST (via CodeQL), container scanning, artifact signing, and CI/CD security. Endor Labs gives AppSec and engineering teams context for each finding (Is this vulnerable function reachable? Is this secret valid? Is this license issue in a prod environment?). This reduces security tool noise by 90% by focusing on the risks that matter, when they matter the most. Finally, we help engineers accelerate remediation by understanding upgrade impacts and pushing out backported security patches when the risk of upgrading is too high.

“Endor Labs has been a rising star in our Microsoft for Startups program,” said Tom Davis, Partner at Microsoft for Startups. “In under two years since launching their product, they’ve achieved traction with Fortune 500 and emerging cloud native companies alike. Transacting through Azure Marketplace will unlock even more growth.”

Endor Labs for Azure DevOps 

Azure DevOps is a continuous integration and continuous delivery (CI/CD) platform that enables you to automate your build, test, and deployment pipelines. You can use Azure DevOps to seamlessly integrate Endor Labs into your CI pipeline.

Using this pipeline, developers can view and detect:

  • Policy violations in the source code
  • Secrets inadvertently included in the source code

Endor Labs verifications are conducted as automated checks, allowing you to discover violations before pushing code to the repository. Information about the violations can even be included as comments on the corresponding pull request (PR). This enables developers to easily identify issues, focus on the most actionable results, and take remedial measures (e.g., break builds, block PRs) early in the development life cycle.

For policy violations, the workflow is designed to either emit a warning or return an error based on your action policy configurations.

Container Scanning on Azure - Endor Labs

Endor Labs supports container scanning on Azure by scanning images in Azure Container Registry (ACR). Endor can identify vulnerabilities within container images both for OS and application packages, ensuring secure and compliant deployments. With Endor SCA + container scanning, customers can now get deep visibility into their OSS dependencies in their OSS packages and containers. They can also reduce alert fatigue by seeing all correlated findings in a single view, saving hours of manual triage. Finally, they can trace any signed artifact back to the source repo with rich metadata to speed incident response and remediation workflows. To learn more about container scanning with Endor Labs, read our recent announcement blog.

Endor Labs for GitHub

Around 80% of code in modern applications is code you didn’t write, but “borrowed” through open source packages. With the rise of AI and Open Source LLMs, the reliance on Open Source Software (OSS) will only grow. While OSS is a major component in the modern software supply chain, it’s hardly the only thing your code depends on. Direct and transitive OSS packages, container images, GitHub Actions, even the repositories themselves - are all dependencies we need to ship reliable applications. 

Application security teams are typically expected to secure that entire lifecycle - the code and everything it depends on. Historically that has been difficult to do without overwhelming engineering teams with security noise, and switching between multiple tools to scan, triage, and remediate issues. 

That’s why Endor Labs partnered with GitHub to create an application security experience that doesn’t require developers to leave GitHub. From open source security to hardening repositories and prioritizing risks in first-party code, AppSec teams are using GitHub Advanced Security and Endor Labs to create workflows that keep developers productive and keep maintenance at a minimum.

By pairing Endor Labs and GitHub Advanced Security, AppSec teams consolidate best-in-class SCA, SAST, Container Scanning, Secret Scanning and CI/CD Security into one workflow that is all actionable through the GitHub UI.

“Integrating Endor Labs into our Azure DevOps pipeline has saved us thousands of developer hours. We're able to quickly pinpoint and fix reachable and exploitable vulnerabilities without wasting time chasing false positives.” - Azeem Nizam, CISO, ABC Fitness

Endor Labs - Available on Azure Marketplace

You’ve decided to add Endor Labs to your AppSec toolset - congratulations! Ack, now for procurement.

We know that onerous procurement processes can be the hardest part of a tool decision, which is why we made Endor Labs purchasable through Azure Marketplace. In addition to making procurement easier and speeding up time-to-deployment for new projects, buying through Azure means you can count the purchase towards your Microsoft Azure Consumption Commitment (MACC) and save more by negotiating a private offer.
