September 2024 Edition

Happy Oktoberfest (yes, it’s actually mostly in September… weird, right?)! As usual, we’ve been hard at work improving our product and contributing to the community — as well as running our annual global Hackathon and celebrating our birthday! As part of the latter, we released our 2024 Dependency Management Report, which you can read on the web or download as PDF — no registration required.

Community

• We’re headed to OWASP Global AppSec in SF at the end of September
• We’re hosting a free LeanAppSec Live virtual event at the end of October, where we share industry experts talking about getting AppSec done in the real world?
• We released our 2024 Dependency Management Report, no registration needed to read online or as a PDF
• We supported the Nordic Software Security Summit
• Sponsored OWASP Lunch and Learns, Bazel meetups, and too many other local events to list here

New And Improved

Release notes for v1.6.544

• IMPROVED: Many improvements to the web UI (see release notes for details)
• IMPROVED: SBOM exports are now faster, up to 10x faster in many cases
• NEW: Bazel-aware scanning now supports Scala packages within Bazel projects
• NEW: Automatically discover the base image upon which your containers were built when performing a container scan

Endor Labs Tip

Endor Labs’ endorctl binary makes it easy to instrument scans in any CI-CD build system, and we provide instructions in our docs for common ones. For just one example pattern, see a Google Cloud Build control file instrumented with Endor Labs.

  - name: 'maven:3.8.6-openjdk-11'
    entrypoint: 'bash'
    args: ["-c", "./endorctl scan -n $$ENDOR_NAMESPACE --api-key=$$ENDOR_API_CREDENTIALS_KEY --api-secret=$$ENDOR_API_CREDENTIALS_SECRET --as-default-branch=true"]
    secretEnv: ['ENDOR_API_CREDENTIALS_KEY', 'ENDOR_API_CREDENTIALS_SECRET']        

What's Coming Up!

This October, we’re cooking up a cauldron of exciting events—no tricks, just treats! ?? Along with plenty of local happenings, we've got some seriously cool stuff in store.

October 15th in NYC: Come hang out with fellow AppSec practitioners, learn some stage combat lightsaber moves from a legit Hollywood stunt choreographer, and enjoy snacks and apps on us. Oh, and it’s a No-CISOs event. Did we mention we’re also covering your Uber fare? ????

October 23rd: The learning continues with LeanAppSec Live, where we're going "Back to the Basics of Application Security." Join us for a full day of expert-led sessions and plenty of opportunities to connect with fellow professionals. Here’s a sneak peek at the sessions:

• Building a Proactive Security Culture Through Behavioral Science Hosted by Dustin Lehr , Co-Founder & Chief Product and Technology Officer at Katilyst
• How to Use Compliance as a Driver for AppSec Featuring Brandon Sterne (CISO at Basis Theory ), Rachel T. (Director of Security Risk & Trust at Docker, Inc ), and Chris H.
• Why No One is Fixing the Vulnerabilities You Find Featuring Alex Olea (DevSecOps Engineer at Starburst ), James Kirk (Head of Security & Privacy at Jellyfish ), and Jenn Gile
• Why AppSec Priorities Shift Insights from Camilla Odlund , Darren Meyer , and Jamie S. of Endor Labs

Mark your calendar for a day packed with learning, networking, and all things AppSec!