Endor Labs Receives Strategic Investment from Citi Ventures

Endor Labs, a leader in software supply chain security, announced a strategic investment from Citi Ventures. In a further validation of Endor Labs' unique approach to securing the software supply chain, this comes less than a year after the company received $70M in oversubscribed Series A financing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32 and more than 30 industry-leading CEOs, CISOs and CTOs.

Endor Labs was founded in 2022 by industry veterans and serial entrepreneurs Varun Badhwar and Dimitri Stiliadis to solve a massive yet largely neglected market need in application security. With the goal of shipping products faster, development teams rely on more and more dependencies as they develop their applications. These dependencies include Open Source Software (OSS), LLMs, containers, code repositories and arbitrary tools in CI/CD pipelines, which can introduce risks that development and security teams have no visibility into.

Today, application security teams spend countless hours investigating which risks should be prioritized, while developers drown in waves of uncontextualized security alerts. Endor Labs surfaces meaningful, reachable risks across dependencies in the software development lifecycle, helping teams get the evidence they need to fix only what matters.

Since its inception, Endor Labs has quickly gained traction with Fortune 500 enterprises as well as emerging cloud-native companies. Endor Labs was named a finalist at the 2023 RSA Conference Innovation Sandbox and 2023 Black Hat Startup Spotlight, a SINET16 Innovator Award Winner, and has been cited several times as one of the Best Places to Work.

"Financial institutions employ tens of thousands of developers, and often outpace technology companies with innovation and shipping new applications," said Endor Labs CEO and co-founder, Varun Badhwar. "Software supply chain security is now a board-level concern for these organizations, because ignoring it or getting it wrong not only exposes the organization to significant risk, but costs hundreds of millions in lost developer productivity. Endor Labs already serves some of the largest financial institutions in the US, and our work with Citi gives us even better insights into how to solve problems at this scale."

Citi Ventures, which has a presence in regions ranging from Palo Alto to Singapore and Tel Aviv, invests in the category-defining startups helping revolutionize financial services.

"Citi runs one of the largest software development organizations in the world," said Clark Smith, Head of Engineering and Architecture for CISO & Managing Director at Citi. "At this scale, lost productivity due to false positive alerts is a compounding issue. Endor Labs integrates seamlessly into the developer workflow and helps pinpoint supply chain risks that may affect our business."

"Endor Labs represents the next major innovation in application security," said Matt Carbonara, Head of Enterprise Tech Investing at Citi Ventures. "Their platform represents a technological step change in how vulnerabilities are analyzed. For a long time now, developers have had to manually analyze vulnerabilities to assess if they are exercised in production. We believe that the reachability analysis provided by Endor Labs will be a must-have technology for enterprises, focusing developers' efforts on only the most critical and reachable vulnerabilities and saving them countless hours. We're extremely excited to become investors and partner with Varun and team."

Meet Endor Labs at Black Hat August 6 in Las Vegas: https://www.endorlabs.com/events/black-hat-usa-2024

Try the Endor Labs Software Supply Chain Security Platform free for 30 days:

Select Better Open Source Software
Select better open source dependencies with 150+ checks and scoring based on security, legal, popularity, activity, and quality. Defend against OWASP OSS Top 10 Risks such as typosquatting, malicious and abandoned dependencies.

Prioritize Open Source Vulnerabilities (SCA)
Cut over 90% of vulnerability noise with function-level reachability analysis across both direct and transitive dependencies. Codify highly customizable policies to provide developers feedback in PR comments, break builds in CI, or simplify notify them via Jira tickets.

‍Secure Repositories and CI/CD Pipelines
Gain visibility into security tool coverage across your CI/CD pipelines and continuously monitor the security posture of source code repositories. Detect repo and GitHub Actions misconfigurations, best practices, and risks with over 50 out-of-the-box policies, including coverage for CIS best practices for GitHub.

‍Trust What You Ship with Artifact Signing
Ensure the authenticity of software artifacts with a single GitHub action. Artifact signing is a hassle-free alternative to Sigstore that confirms code provenance and lack of tampering. Cryptographic artifact signatures are a powerful tool to enable strong admission control and traceability to support effective security, quality, and compliance programs.

‍Ensure compliance across the SDLC
Detect legal and licensing risk, and centrally create, manage, and analyze SBOM & VEX. Prioritize applicable vulnerabilities for PCI-DSS and FedRamp and accelerate compliance with CIS, NIST, SSDF, SLSA, EO 14028, and more.

444 High St Ste 300, Palo Alto, CA 94301

The pace and complexity of software development is rapidly intensifying. Developers are trying to keep up by maximizing reuse of code (internally developed as well as open source), adopting microservices architectures, and relying on a vast array of third party tools and services to automate bits and pieces of the CI-CD process. However, this can quickly sprawl and become untenable, only causing more headaches for development and security teams in the long term. Our mission is to deliver the impossible - create secure software supply chains that actually make developers more productive, rather than drowning in useless alerts. For more information, visit https://www.endorlabs.com.

This release was published on openPR.