July 2024 Newsletter

Is it the end of July already?! Time flies when we’re planning for the annual InfoSec Summer Camp in sunny (and hot ????) Las Vegas. We’ll be hanging out at BlackHat , and a few of us might even be around for DEF CON.

And of course we keep growing and hiring: good thing that we’re one of Inc’s Best Workplaces !

New in the Product

We made a neat change: our release notes will be organized monthly, and updated twice a month, making them a better place to find information about new features and capabilities. This should make learning about new things nice and consistent for finding out what’s new. Check out the July 2024 Release Notes !

As of version 1.6.372:

• Scan containers for dependency risks, and correlate findings with SCA scans
• Customize the content in notifications from Action Policies , including PR comments, Jira tickets, etc.

Community Support

We believe in the power and importance of the security and developer communities, and we show it by hosting or sponsoring events, boosting key voices, and sharing our knowledge; here are just a few of our community activities this month:

• What’s a Security Pipeline? A free webinar discussing this emerging trend and how to determine if it fits into your organization
• Hosted the Cloud Security Alliance SF Chapter , where we discussed the security fundamentals for Generative AI
• Shared challenges and solutions for phantom dependencies with the OWASP LA Chapter
• Talked about considering security in dependency selection with the London Java Community

(Psst: we also created an AppSec community focused on getting a lot done with lean AppSec teams -- if that sounds interesting to you, check out LeanAppSec )

Endor Labs Product Tip

Did you know that the Endor Labs GitHub Action does more than just scans? You can use it to sign artifacts, and to simply deploy the endorctl binary for use in your own scripts. Check it out in the docs:

• Sign a container image
• Deploy the endorctl binary for later use

Free Training

We're offering two live webinars during the month of August. Register to attend live and ask your burning questions!

• Give Devs the Confidence to Fix: Making Remediation Less Painful Featuring Darren Meyer, Jamie Scott and Jenn Gile of Endor Labs .
• Mastering OSS Security: Validating Vulnerabilities with Code-Level Reachability Analysis Featuring David Archer, Henrik Plate and Joseph Hejderup of Endor Labs.

Our LeanAppSec Academy course, on Intro to SBOMs For AppSec and Compliance is now live! Earn CPUs by completing each course and saving your certificates.