Endor Labs Receives Strategic Investment from Citi Ventures
Endor Labs, a leader in software supply chain security, today announced a strategic investment from Citi Ventures.
Endor Labs, a leader in software supply chain security, today announced a strategic investment from Citi Ventures.
Endor Labs, a leader in software supply chain security, today announced a strategic investment from Citi Ventures.
Endor Labs, a leader in software supply chain security, today announced a strategic investment from Citi Ventures.
Endor Labs, a leader in software supply chain security, today announced a strategic investment from Citi Ventures.
Palo Alto, CA (July 15, 2024) – Endor Labs, a leader in software supply chain security, today announced a strategic investment from Citi Ventures. In a further validation of Endor Labs’ unique approach to securing the software supply chain, this comes less than a year after the company received $70M in oversubscribed Series A financing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32 and more than 30 industry-leading CEOs, CISOs and CTOs.
Endor Labs was founded in 2022 by industry veterans and serial entrepreneurs Varun Badhwar and Dimitri Stiliadis to solve a massive yet largely neglected market need in application security. With the goal of shipping products faster, development teams rely on more and more dependencies as they develop their applications. These dependencies include Open Source Software (OSS), LLMs, containers, code repositories and arbitrary tools in CI/CD pipelines, which can introduce risks that development and security teams have no visibility into.
Today, application security teams spend countless hours investigating which risks should be prioritized, while developers drown in waves of uncontextualized security alerts. Endor Labs surfaces meaningful, reachable risks across dependencies in the software development lifecycle, helping teams get the evidence they need to fix only what matters.
Since its inception, Endor Labs has quickly gained traction with Fortune 500 enterprises as well as emerging cloud-native companies. Endor Labs was named a finalist at the 2023 RSA Conference Innovation Sandbox and 2023 Black Hat Startup Spotlight, a SINET16 Innovator Award Winner, and has been cited as one of the Best Places to Work in the San Francisco Bay Area.
“Financial institutions employ tens of thousands of developers, and often outpace technology companies with innovation and shipping new applications,” said Endor Labs CEO and co-founder Varun Badhwar. “Software supply chain security is now a board-level concern for these organizations, because ignoring it or getting it wrong not only exposes the organization to significant risk, but costs hundreds of millions in lost developer productivity. Endor Labs already serves some of the largest financial institutions in the US, and our work with Citi gives us even better insights into how to solve problems at this scale.”
Citi Ventures, which has a presence in regions ranging from Palo Alto to Singapore and Tel Aviv, invests in the category-defining startups helping revolutionize financial services.
"Citi runs one of the largest software development organizations in the world,” said Clark Smith, Head of Engineering and Architecture for CISO & Managing Director at Citi. “At this scale, lost productivity due to false positive alerts is a compounding issue. Endor Labs integrates seamlessly into the developer workflow and helps pinpoint supply chain risks that may affect our business.”
“Endor Labs represents the next major innovation in application security,” said Matt Carbonara, Head of Enterprise Tech Investing at Citi Ventures. “Their platform represents a technological step change in how vulnerabilities are analyzed. For a long time now, developers have had to manually analyze vulnerabilities to assess if they are exercised in production. We believe that the reachability analysis provided by Endor Labs will be a must-have technology for enterprises, focusing developers’ efforts on only the most critical and reachable vulnerabilities and saving them countless hours. We’re extremely excited to become investors and partner with Varun and team.”
Try the Endor Labs Software Supply Chain Security Platform free for 30 days and:
Select Better Open Source Software
Select better open source dependencies with 150+ checks and scoring based on security, legal, popularity, activity, and quality. Defend against OWASP OSS Top 10 Risks [LINK] such as typosquatting, malicious and abandoned dependencies.
Prioritize Open Source Vulnerabilities (SCA)
Cut over 90% of vulnerability noise with function-level reachability analysis across both direct and transitive dependencies. Codify highly customizable policies to provide developers feedback in PR comments, break builds in CI, or simplify notify them via Jira tickets.
Secure Repositories and CI/CD Pipelines
Gain visibility into security tool coverage across your CI/CD pipelines and continuously monitor the security posture of source code repositories. Detect repo and GitHub Actions misconfigurations, best practices, and risks with over 50 out-of-the-box policies, including coverage for CIS best practices for GitHub.
Trust What You Ship with Artifact Signing
Ensure the authenticity of software artifacts with a single GitHub action. Artifact signing is a hassle-free alternative to Sigstore that confirms code provenance and lack of tampering. Cryptographic artifact signatures are a powerful tool to enable strong admission control and traceability to support effective security, quality, and compliance programs.
Ensure compliance across the SDLC
Detect legal and licensing risk, and centrally create, manage, and analyze SBOM & VEX. Prioritize applicable vulnerabilities for PCI-DSS and FedRamp and accelerate compliance with CIS, NIST, SSDF, SLSA, EO 14028, and more.
About Endor Labs
Endor Labs secures everything your code depends on throughout the SDLC. Start by creating a more efficient and effective dependency management program with consolidated reachability-based SCA, SAST, container scanning, artifact signing, and CI/CD security. Reduce security tool noise by 90% by focusing on the risks that matter, when they matter the most. Accelerate remediation by understanding upgrade impacts and pushing out backported security patches when risk of upgrading is too high. Achieve compliance with global standards including CIS, NIST, SSDF, FedRamp, PCI DSS v4, SLSA, NIST, SOC2, and more. For more information, visit https://www.endorlabs.com.