February 2025 Edition
Did February fly by, or was it just us?
It felt like the shortest month went by in a flash, but a lot happened at Endor Labs. From exciting product updates to community engagements, our team has been busy. There’s a lot to catch up on, so let’s jump straight into the updates!
Community
In late January, we announced our sponsorship of the new Opengrep project, a fork of Semgrep's open source static code analysis engine. We see this as an important step towards a powerful SAST engine that’s freely available for anyone to use or repurpose. You can get involved in several ways, such as by participating in the open roadmap sessions, submitting pull requests for improvements, or joining the technical discussions.
We wrapped up our 2025 winter edition of LeanAppSec Live! Sri Manda, CISO at Peloton Interactive; Steve Wilson, OWASP contributor and author of The Developer’s Playbook for Large Language Model Security; and Raphael Theberge, Director of Security Enablement at Relativity, delivered some insightful sessions. You can find the session recordings here.
Conference season is soon to be upon us! We’ll be at SnowFROC, FS-ISAC, and DevOps Live London. Swing by the booth to say hi, and just maybe we’ll have a lightsaber for you.
Speaking of lightsabers, we’re bringing the very popular Lightsaber Stunt Training for AppSec Nerds to Chicago.
What’s new in February?
February was another big month for product development!
SAST— Consolidate 1st party code scanning with SCA, container, and secrets findings in a single platform.
Endor Patches dashboard— See how much you could reduce your vulnerability backlog.
View scan history— Track your project’s security posture over time with a detailed view of past security scans.
New scan commands— Associate custom tags with findings or projects.
Azure Pipelines extension— An easy way to integrate Endor Labs scanning into your Azure Pipelines.
We also released several enhancements for custom and multiple requirement files in pip, scanning py_image with Bazel, and new labels for Jira tickets.
Endor Labs Tip
We’ve been talking to customers about the risks when developers import AI models, and we learned something surprising: customer applications have an average of 7 models per application, all added without the security teams’ knowledge.
If you’re using our SCA, you can find out which HuggingFace models are being used in your applications. Enable the AI Model Discovery feature in three steps: