Endor Labs

Join Kayra Otaner (Director of DevSecOps at Roche) and Jamie S. from Endor Labs to learn how you can and should create an independent pipeline for executing security controls and tools across all your enterprise-wide CI/CD pipelines.

We’re talking about Security Pipelines! Join us for a chat on Wednesday, July 17, at 9:00 a.m. PT. Darren Meyer, Staff Research Engineer at Endor Labs, will be hosting this session featuring Kayra Otaner, Director of DevSecOps at Roche, and Jamie S., Founding Product Manager at Endor Labs. They’ll dive into "What's a Security Pipeline?" AppSec / ProdSec teams have more tools and processes to deploy and manage across ❇️  The SDLC ❇️  CI/CD pipelines ❇️  Pipeline integrations These are complex and expensive. An emerging solution to this problem is to create independent pipelines for executing security tasks in CI/CD. Learn about common patterns and tradeoffs for security pipelines in this introductory webinar. https://lnkd.in/gPrY-Ugs #webinar #appsec #security #cybersecurity #sca

Join us at the Cloud Security Alliance - SF Chapter meet-up on Tuesday, July 23rd at 5:30 PM at the Endor Labs HQ in Downtown Palo Alto! Network over food and drinks while enjoying talks by experts from the SANS Institute and Endor Labs. Dan deBeaubien will discuss Generative AI, Business Risk, and Opportunities, and Jamie S. will talk about- The SCA Balancing Act: Understanding Tradeoffs, What to Do and Avoid. We look forward to seeing you there! Find the RSVP link in the comments below 👇

LeanAppSec just launched a new course on 𝐒𝐁𝐎𝐌𝐬 𝐟𝐨𝐫 𝐀𝐩𝐩𝐒𝐞𝐜 𝐚𝐧𝐝 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞! 𝐂𝐡𝐞𝐜𝐤 𝐨𝐮𝐭 𝐭𝐡𝐞 𝐜𝐨𝐮𝐫𝐬𝐞 𝐢𝐟 𝐲𝐨𝐮: 💬 𝐖𝐚𝐧𝐭 𝐭𝐨 𝐫𝐞𝐬𝐩𝐨𝐧𝐝 𝐪𝐮𝐢𝐜𝐤𝐥𝐲 𝐭𝐨 𝐬𝐮𝐩𝐩𝐥𝐲 𝐜𝐡𝐚𝐢𝐧 𝐢𝐧𝐜��𝐝𝐞𝐧𝐭𝐬: Use SBOMs to track where you have affected components 🏛️ 𝐂𝐚𝐫𝐞 𝐚𝐛𝐨𝐮𝐭 𝐜𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞: Learn how you can generate and share SBOMs with auditors/regulators 🔧 𝐖𝐚𝐧𝐭 𝐭𝐨 𝐛𝐮𝐢𝐥𝐝 𝐚 𝐦𝐚𝐭𝐮𝐫𝐞 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐩𝐫𝐨𝐠𝐫𝐚𝐦: An SBOM shows your organization has a well-developed security practice. https://lnkd.in/emzU56JU #SBOM #AppSec #Compliance

As my second born is right about to hit two months old, I am reflecting on how thankful I am to have this time with him and my family! I just hit one year at Endor Labs and am so grateful to celebrate this milestone while on maternity leave. Thanks to Endor Labs for the incredible support and generous time off, making it possible to balance a career and motherhood. It’s no wonder we were just named on Inc's Best Workplaces list for 2024! I’m truly proud to be part of such a supportive and amazing team! 🙏🏼🚀🏆 (pic included: family outing to the local zoo 🥰) Check out highlights from the past year in this announcement: https://lnkd.in/gQ6NjbWG #Hiringnow #AppSec #IncBestWorkplaces

We are extremely proud to be named to Inc's Best Workplaces list for 2024. Our team’s commitment, innovation, and drive have helped us build an amazing product. But more importantly, it's their passion and love for what they do that earned us this recognition. Every win is a team effort, but this one truly stands out. https://lnkd.in/gfqDv6Kc #Hiringnow #AppSec #IncBestWorkplaces

Three #CocoaPods CVEs raise serious security concerns for consumers of Swift and Objective-C libraries used for macOS and iOS mobile development. E.V.A Information Security discovered three vulnerabilities in the Trunk server that runs the whole CocoaPods repository, causing significant concern. These vulnerabilities existed for a decade before they were discovered, making the CocoaPods supply chain fragile. If you’ve been using them for several years, there’s no telling when your Pods could have been sabotaged. The good news is that these problems have been patched by CocoaPods prior to the disclosure. The bad news is that no one really knows if adversaries took advantage of these vulnerabilities. Here’s a quick rundown of CocoaPods and what you can do to ensure your dependencies are up-to-date: https://lnkd.in/gz-PiCXH #CocoaPods #Swift #ObjectiveC

Looking to try out your first SCA tool or thinking of switching from your current one? Awesome! Before you commit to a new tool, make sure to ask potential vendors these seven questions. Save this infographic so you have it handy when meeting with potential SCA vendors.

Darren Meyer presents his talk on “What’s in your #AI code” during OWASP LA monthly meeting. One of the reasons he says tools are blind to issues related to code that contain #AI code, is that many of them rely solely on manifest or lock files. Thanks to HiveWatch for hosting us and everyone who braved heavier than normal SoCal traffic to attend the event.