DevSecOps platform, Endor Labs, has announced the successful completion of its series A funding, securing an impressive $70 million just 10 months after its inception. The funding round was led by Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, and Section 32, with support from over 30 esteemed industry leaders, including CEOs, CISOs, and CTOs.
In light of this funding milestone, Arif Janmohamed from Lightspeed, Sri Viswanath from Coatue (former CTO of Atlassian), and Deepak Jeevankumar from Dell Technologies Capital will be joining Endor Labs’ board, as confirmed by the company.
Endor Labs is set to utilize the latest funding to develop highly efficient application security programs aimed at eliminating the developer productivity tax.
Varun Badhwar, CEO and co-founder of Endor Labs, expressed his enthusiasm about the funding round, stating, “The new funding will help grow our existing capabilities and allow us to benefit other areas of the Software Development Lifecycle (SDLC), where AppSec can help developers ship secure code without a productivity tax. We will continue investing in the channel and expanding our go-to-market initiatives globally.”
Addressing Developer Challenges with Open-Source Software (OSS) Governance
A significant challenge that developers face is spending over half of their time dealing with security alerts, integrating and maintaining security tools in continuous integration and continuous delivery (CI/CD) pipelines, and negotiating priorities with security teams. Endor Labs has built its foundation on open-source software (OSS) governance to tackle this pressing issue, given that more than 90% of code in modern applications originates from OSS repositories.
Endor Labs aims to help development teams select and maintain high-quality and secure OSS from the beginning, significantly reducing vulnerability noise by accurately identifying reachable and exploitable risks that could genuinely impact operations.
Varun Badhwar further explained, “Our Code and Pipeline Governance Platform goes beyond known vulnerabilities to give security teams a way to measure security and operational risk. The capability reduces false positives by up to 80% compared to traditional Software Composition Analysis (SCA) tools. The platform offers deep visibility into software inventory required for such analysis and also enables organizations to generate accurate Software Bills of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) documents in just a few clicks.”
Enhancing Application Security and Threat Visibility
Endor Labs aims to enhance application security by providing increased threat visibility and consolidating DevSecOps capabilities into a single platform. The company focuses on surfacing risks that have a material impact while streamlining tool deployments and prioritizing critical risks.
Varun Badhwar stressed the importance of addressing the challenges that arise from the growing demand for customized applications and the sophistication of infrastructure attacks. He believes that Endor Labs’ approach is geared towards helping customers prioritize risks across open-source code and CI/CD pipelines, reducing the noise generated by traditional SCA tools, and focusing on surfacing reachable and exploitable risks.
Expanding Customer Base and Future Plans
Since its inception, Endor Labs has already secured notable customers, including Five9, RocketLawyer, MileIQ, Cowbell, and Navan. The company’s products have proven to eliminate inefficiencies and reduce false positive alerts for these clients, significantly enhancing productivity.
Looking ahead, Endor Labs remains focused on addressing future AppSec challenges and developing corresponding solutions. The company is expanding its core offerings to cover various security and governance issues in response to the constantly evolving market, emerging security tools, and regulatory changes that may impact developer productivity.
Varun Badhwar assured that Endor Labs is committed to continuous innovation, with plans to introduce more features to identify vulnerabilities, reduce the attack surface, highlight significant risks, and ensure compliance with the latest regulations while optimizing developer input. The company aims to strike the perfect balance between enhanced security in the software supply chain and fostering innovation and new capabilities within the application development universe.
