June 2024 Newsletter

Hello and welcome to your June edition! We’ve been busy growing our engineering team (six new teammates added this month!) to do even more exciting things for you. We’ve also been expanding our community into EMEA, where we’re sponsoring OWASP AppSec Lisbon at the end of June, as well as a number of OSS, developer, and security community events throughout the region.

And of course, we continue to spread knowledge and support the security and developer communities across North America as well. We recently had a fantastic time at OWASP AppSec Days Pacific Northwest Conference !

New in the Product

• Scan for risks, including known vulnerabilities, in GitHub Actions and their dependencies
• Create an Action Policy for a specific advisory identifier (e.g. a specific CVE or GHSA identifier)
• All new Dashboard view shows your prioritization pipeline and useful statistics, as well as time and money savings (with customizable assumptions)
• Integrate with Backstage using plugins to bring vulnerability alerts into dev workspaces

And as you may have heard, container image scanning is coming to the platform. Sign up for early access by requesting a demo (current customers should reach out to their account manager).

Endor Labs Tip-of-the-Month

Did you know that you can add custom secrets-detection rules? Just visit the Secret Rules, click Create Secrets Rule, and provide the configuration of the rule, including a Regular Expression to detect your secrets and a Validation Rule to test whether the credential is valid.

Cool Thing of The Month

Need to share key information from SBOM documents with people who don’t have tools and can’t read JSON? Check out sbom2doc, a Python application that summarizes SBOM data in SPDX or CycloneDX format into a more “human-friendly” display.

Free Training

We're offering two live webinars during the month of July. Register to attend live and ask your burning questions!

• What’s a Security Pipeline? Featuring Darren Meyer and Jamie S. of Endor Labs with special guest Kayra Otaner (Director of DevSecOps at Roche).
• What’s an OSPO? Hear from Russ Eling , founder of OSS Consultants and creator of one of the first large-scale OSPO programs.

We're also just weeks away from launching our third LeanAppSec Academy course, this time on the topic of SBOMs! Earn CPUs by completing each course and saving your certificates.