
GitHub partners with Endor Labs to boost security features
GitHub and Endor Labs have unveiled a partnership aimed at enhancing the ability of application security teams and developers to detect and address critical security vulnerabilities directly within GitHub.
Endor Labs' software composition analysis (SCA) technology has now been integrated into GitHub Advanced Security, a move expected to streamline the workflow for development teams. Endor Labs' SCA identifies dependency vulnerabilities and ranks them by potential impact, using factors such as reachability (whether the application actually calls the vulnerable code) and exploitability.
Varun Badhwar, Co-founder and CEO of Endor Labs, highlighted the value of the partnership in addressing security issues. "While a few supply chain attacks, like last year's XZ Utils episode, get wide attention, they represent only a fraction of the overall threat landscape," he said. "The greatest risks instead come from unpatched vulnerabilities embedded in lesser-known open source dependencies."
Badhwar said, "Effectively responding to all of those devours developer time and resources. Endor Labs technology makes it significantly easier to identify and prioritise the most serious threats, and developers can now derive those benefits while working within GitHub. We're proud to enter into this partnership with GitHub, and we look forward to jointly delivering many more technology advances."
The partnership means that development teams can now dismiss up to 92% of low-risk dependency security alerts. This allows them to concentrate on more critical vulnerabilities and continue focusing on developing innovative capabilities. GitHub Advanced Security, which already incorporates several vital security practices such as code scanning, secret scanning, and AI autofixes, will now also leverage Endor Labs' expertise to prioritise security concerns more effectively.
The backdrop to this partnership is a notable rise in Common Vulnerabilities and Exposures (CVEs), which have reportedly increased by 500% over the past decade. This trend underscores the significance of tools that enhance ease and precision in vulnerability management.
The challenges of managing security alerts within software development have long been significant. Many applications have few direct dependencies but hundreds of transitive dependencies, where up to 95% of security risks may reside. Addressing these can prove overwhelming for developers, diverting attention from their primary objectives of app development and technological innovation.
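As an added illustration of the reachability-based prioritisation described above (this is example code written for this page, not Endor Labs' or GitHub's own implementation), the Python sketch below walks a dependency tree to find every transitive dependency, walks a call graph to find which functions the application actually reaches, and then splits the advisories into those whose vulnerable function is reachable and those that can be deprioritised. All package names, advisory ids, severities and call edges are constructed placeholders.

```python
from collections import deque

# Constructed sample dependency tree (not real packages): the application has
# two direct dependencies and several transitive ones.
DEPENDENCY_GRAPH = {
    "app": ["web-framework", "image-lib"],
    "web-framework": ["http-parser", "template-engine"],
    "image-lib": ["compression-lib"],
    "template-engine": ["string-utils"],
    "http-parser": [],
    "compression-lib": [],
    "string-utils": [],
}

# Constructed call graph: caller -> callees, named "package:function".
CALL_GRAPH = {
    "app:main": ["web-framework:serve", "image-lib:resize"],
    "web-framework:serve": ["http-parser:parse_headers", "template-engine:render"],
    "template-engine:render": ["string-utils:escape"],
    "image-lib:resize": [],  # compression-lib is installed but never called
}

# Constructed advisories with placeholder ids:
# (advisory_id, severity, package, vulnerable function)
ADVISORIES = [
    ("EXAMPLE-0001", 9.8, "http-parser", "http-parser:parse_headers"),
    ("EXAMPLE-0002", 7.5, "compression-lib", "compression-lib:inflate"),
    ("EXAMPLE-0003", 5.3, "string-utils", "string-utils:unescape"),
    ("EXAMPLE-0004", 8.1, "string-utils", "string-utils:escape"),
]


def transitive_dependencies(graph, root):
    """Return every package reachable from `root` through the dependency graph."""
    seen, queue = set(), deque(graph.get(root, []))
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(graph.get(pkg, []))
    return seen


def reachable_functions(call_graph, entry):
    """Return every function reachable from `entry` by following call edges."""
    seen, queue = set(), deque([entry])
    while queue:
        fn = queue.popleft()
        if fn in seen:
            continue
        seen.add(fn)
        queue.extend(call_graph.get(fn, []))
    return seen


def prioritize(graph, call_graph, advisories, root="app", entry="app:main"):
    """Split advisories into actionable (package present and vulnerable
    function reachable) and deprioritised (package present, code never reached).
    Actionable findings are sorted by severity, highest first."""
    deps = transitive_dependencies(graph, root)
    reachable = reachable_functions(call_graph, entry)
    actionable, deprioritized = [], []
    for adv_id, severity, package, function in advisories:
        if package not in deps:
            continue  # not in the dependency tree, so there is nothing to alert on
        finding = {
            "id": adv_id,
            "severity": severity,
            "package": package,
            "function": function,
            "reachable": function in reachable,
        }
        (actionable if finding["reachable"] else deprioritized).append(finding)
    actionable.sort(key=lambda f: f["severity"], reverse=True)
    return actionable, deprioritized


if __name__ == "__main__":
    fix_now, later = prioritize(DEPENDENCY_GRAPH, CALL_GRAPH, ADVISORIES)
    total = len(fix_now) + len(later)
    print(f"Actionable ({len(fix_now)} of {total}):")
    for f in fix_now:
        print(f"  {f['id']} severity {f['severity']} in {f['package']} via {f['function']}")
    print(f"Deprioritised: {len(later)} of {total} ({100 * len(later) // total}%)")
```

The split depends entirely on the completeness of the call graph: dynamic dispatch, reflection or plugin loading can hide edges, so "deprioritised" should mean "fix in the normal patch cycle" rather than "ignore", and the call graph should be rebuilt whenever the dependency tree changes.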
Recently, Microsoft, which owns GitHub, integrated Endor Labs' advanced SCA capabilities into its Microsoft Defender for Cloud. This enables comprehensive security management across code and cloud applications within a single platform. With the latest partnership, organisations are positioned to deploy both SCA and cloud-native application protection platform (CNAPP) solutions from one interface, enhancing security from the code development stage through to runtime.