Endor Labs Receives Strategic Investment from Citi Ventures

PALO ALTO, Calif.–(BUSINESS WIRE)–#CISO—Endor Labs, a leader in software supply chain security, announced a strategic investment from Citi Ventures. Further validating Endor Labs’ unique approach to securing the software supply chain, this comes less than a year after the company received $70 million in oversubscribed Series A funding from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32, and more than 30 industry-leading CEOs, CISOs, and CTOs.

Endor Labs was founded in 2022 by industry veterans and serial entrepreneurs Varun Badhwar and Dimitri Stiliadis to solve a huge but largely neglected market need in application security. With the goal of shipping products faster, software teams are relying on an increasing number of dependencies when developing their applications. These dependencies include Open source Software (OSS), LLM, containers, code repositories, and any tools in CI/CD processes that may involve risks that development and security teams do not have visibility into.

Today, application security teams spend countless hours researching which risks to prioritize while developers are drowning in waves of uncontextualized security alerts. Endor Labs exposes significant, achievable risks across dependencies throughout the software lifecycle, helping teams get the evidence they need to fix only what matters.

Since its inception, Endor Labs has quickly gained popularity among Fortune 500 companies as well as emerging Cloud-native companies. Endor Labs was named a finalist in the 2023 RSA Conference Innovation Sandbox and 2023 Black Hat Startup Spotlight, a recipient of the SINET16 Innovator Award, and has been named one of the best places to work multiple times.

“Financial institutions employ tens of thousands of developers and often outpace technology companies in innovation and application delivery,” said Endor Labs CEO and co-founder Varun Badhwar. “Software supply chain security is a top priority for these organizations today, as ignoring it or doing it poorly not only exposes the organization to significant risk, but also costs hundreds of millions in lost developer productivity. Endor Labs already serves some of the largest financial institutions in the U.S., and our partnership with Citi gives us even greater insight into how to solve problems at this scale.”

With a presence in regions from Palo Alto to Singapore to Tel Aviv, Citi Ventures invests in category-defining startups that help revolutionize the financial services market.

“Citi runs one of the largest software organizations in the world,” said Clark Smith, Head of Engineering and Architecture, CISO and Managing Director, Citi. “At this scale, lost productivity due to false positives is a growing problem. Endor Labs integrates seamlessly with workflow and helps us identify supply chain risks that may impact our business.”

“Endor Labs is the next big thing in application security,” said Matt Carbonara, Head of Enterprise Tech Investing at Citi Ventures. “Their platform is a technological game-changer in the way we analyze vulnerabilities. For a long time, developers have had to manually analyze vulnerabilities to assess whether they are being exploited in production. We believe that Endor Labs’ availability analysis will be a must-have technology for enterprises, focusing developer efforts on only the most critical and accessible vulnerabilities and saving them countless hours. We are incredibly excited to be an investor and partner with Varun and the team.”

Meet us at Black Hat on August 6 in Las Vegas: https://www.endorlabs.com/events/black-hat-usa-2024

Try Endor Labs Software Supply Chain Security for free for 30 days:

Choose better Open Source software

Choose better open source dependencies with 150+ checks and scoring based on security, legality, popularity, activity, and quality. Defense against OWASP OSS top 10 threats like typosquatting, malicious, and abandoned dependencies.

Prioritize Open Source Security Approaches (SCA)

Eliminate 90%+ of vulnerability noise with feature-level reachability analysis across direct and transitive dependencies. Codify highly configurable policies to provide developer feedback in PR comments, break builds in CI, or simplify notifying them via Jira tickets.

Secure Repositories and CI/CD Pipelines

Gain insight into security tool coverage in your CI/CD processes and continuously monitor the security posture of your source code repositories. Detect repository misconfigurations and GitHub Actions, best practices, and threats with over 50 out-of-the-box policies, including CIS best practices coverage for GitHub.

Trust what you send with Artafact Signing

Ensure the authenticity of software artifacts with a single GitHub action. Artifact signing is a frictionless alternative to Sigstore that confirms code provenance and tamper-free. Cryptographic artifact signatures are a powerful tool that enables strong access controls and traceability to support effective security, quality, and compliance programs.

Ensure compliance throughout the SDLC lifecycle

Detect regulatory and licensing risks and centrally create, manage, and analyze SBOMs and VEXs. Prioritize relevant PCI-DSS and FedRamp vulnerabilities and accelerate compliance with CIS, NIST, SSDF, SLSA, EO 14028, and more.

About Endor Labs

The pace and complexity of software development are skyrocketing. Developers are trying to keep up by maximizing code reuse (both internally developed and open source), adopting microservices architectures, and relying on a wide range of third-party tools and services to automate parts of the CI-CD process. However, this can quickly become unsustainable and cause more headaches for development and security teams in the long run. Our mission is to deliver the impossible – to create secure software supply chains that actually make developers more productive, rather than drowning in useless alerts. For more information, visit https://www.endorlabs.com.

Communication

DUNNE ACCOUNT COMMUNICATION

[email protected]
+1 (408) 776 1400 +1 (408) 893 8750