Endor Labs Secures Strategic Investment from Citi Ventures

Endor Labs, a leader in software supply chain security, has announced a strategic investment from Citi Ventures. This investment further validates Endor Labs’ innovative approach to securing the software supply chain and follows the company’s $70M oversubscribed Series A financing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32, and over 30 industry-leading CEOs, CISOs, and CTOs.

Founded in 2022 by industry veterans and serial entrepreneurs Varun Badhwar and Dimitri Stiliadis, Endor Labs addresses a significant and often overlooked need in application security. As development teams increasingly rely on dependencies such as Open Source Software (OSS), LLMs, containers, code repositories, and various CI/CD pipeline tools, they introduce risks that are not always visible to development and security teams.

Application security teams spend extensive time identifying which risks to prioritize, while developers face overwhelming numbers of uncontextualized security alerts. Endor Labs helps by identifying meaningful, reachable risks throughout the software development lifecycle, providing teams with the necessary evidence to address only the most critical issues.

Since its inception, Endor Labs has rapidly gained traction with Fortune 500 enterprises and emerging cloud-native companies. The company was a finalist at the 2023 RSA Conference Innovation Sandbox and 2023 Black Hat Startup Spotlight, a SINET16 Innovator Award Winner, and has been frequently cited as one of the Best Places to Work.

“Financial institutions employ tens of thousands of developers and often lead in innovation and application development,” said Endor Labs CEO and co-founder, Varun Badhwar. “Software supply chain security is now a board-level concern because neglecting it can expose organizations to significant risks and result in substantial losses in developer productivity. Endor Labs already serves some of the largest financial institutions in the US, and our partnership with Citi provides valuable insights to address challenges at this scale.”

Citi Ventures invests in startups that revolutionize financial services, with a presence in regions ranging from Palo Alto to Singapore and Tel Aviv.

“Citi operates one of the largest software development organizations globally,” said Clark Smith, Head of Engineering and Architecture for CISO & Managing Director at Citi. “At this scale, lost productivity due to false positive alerts is a major issue. Endor Labs seamlessly integrates into the developer workflow, pinpointing supply chain risks that may affect our business.”

“Endor Labs represents the next major innovation in application security,” said Matt Carbonara, Head of Enterprise Tech Investing at Citi Ventures. “Their platform significantly improves how vulnerabilities are analyzed. Developers have long had to manually assess if vulnerabilities are exercised in production. Endor Labs’ reachability analysis will become essential for enterprises, focusing developer efforts on the most critical vulnerabilities and saving countless hours. We’re excited to invest in and partner with Varun and the team.”

Meet us at Black Hat on August 6 in Las Vegas: Endor Labs Black Hat USA 2024

Try the Endor Labs Software Supply Chain Security Platform free for 30 days:

Select Better Open Source Software: Choose better open-source dependencies with over 150 checks and scoring based on security, legal, popularity, activity, and quality. Defend against OWASP OSS Top 10 Risks such as typosquatting, malicious, and abandoned dependencies.

Prioritize Open Source Vulnerabilities (SCA): Reduce vulnerability noise by over 90% with function-level reachability analysis across both direct and transitive dependencies. Create customizable policies to provide developer feedback in PR comments, break builds in CI, or notify via Jira tickets.

Secure Repositories and CI/CD Pipelines: Gain visibility into security tool coverage across CI/CD pipelines and continuously monitor the security posture of source code repositories. Detect misconfigurations, best practices, and risks with over 50 out-of-the-box policies, including coverage for CIS best practices for GitHub.

Trust What You Ship with Artifact Signing: Ensure the authenticity of software artifacts with a single GitHub action. Artifact signing is an easy alternative to Sigstore, confirming code provenance and integrity. Cryptographic artifact signatures enable strong admission control and traceability for effective security, quality, and compliance programs.

Ensure Compliance Across the SDLC: Detect legal and licensing risks, and centrally create, manage, and analyze SBOM & VEX. Prioritize applicable vulnerabilities for PCI-DSS and FedRAMP and accelerate compliance with CIS, NIST, SSDF, SLSA, and EO 14028.
