Open Source Software Analysis Tools by Endor Labs

Endor Labs unveiled new tools at Black Hat USA 2024 to enhance open source software security across its software supply chain platform, DevOps reports.

Additional features include analytics that assess the difficulty of upgrading an open source software package and the potential risk of disrupting application functionality. This capability allows DevSecOps teams to make more informed decisions about upgrading or patching a module. The platform also introduced Endor Magic Patches, which allow teams to apply patches from later releases to earlier versions of a module when an upgrade is deemed too risky or complicated.

The new tools address a critical flaw in existing software composition analysis tools, which often identify vulnerabilities without offering practical advice on how to fix them, according to Jenn Gile, director of product marketing at Endor Labs. The improvement is especially important given the challenges of maintaining open source software, as seen with the infamous Log4j vulnerability. The updates are intended to help organizations better manage the risks associated with open source dependencies and respond quickly to emerging zero-day vulnerabilities.