Endor Labs Launches With $25M to Make Open-Source Software More Secure

The company’s solution helps organizations secure, monitor and maintain their open-source software dependencies.

Written by Ashley Bowden
Published on Oct. 10, 2022
Varun Badhwar, Endor Labs’ co-founder and CEO. | Photo: Endor Labs

As companies work to keep up with the rapidly changing digital environment, Endor Labs wants to ensure their software is built as securely as possible. The Palo Alto-based company emerged from stealth on Monday with a $25 million round of seed funding to help organizations speed up app development and avoid security issues.

Building a digital solution from scratch takes a wealth of time that most organizations these days don’t tend to have, so it’s not uncommon for software developers to build products using code that others have already written and shared online. In most modern applications, up to 90 percent of the code comes from the open-source community.

However, while this method is immensely convenient, it creates a web of potential issues. Just as one developer will use an open-source developer’s code, that open-source developer has also borrowed code from yet another person. Ultimately, this generates a sprawl of dependencies that companies are responsible for maintaining.


“When you import something from the open-source ecosystem, it becomes a dependency for you. In an average enterprise of about 10,000 employees, we’ve found that developers bring in about 40,000 direct dependencies,” Varun Badhwar, Endor Labs’ co-founder and CEO, told Built In. “Now the crazy part is every time a developer imports one direct dependency … that brings with it 77 other dependencies.”

Endor Labs is working to address this growing problem within the IT industry with its dependency lifecycle management product. This solution offers program analysis, which helps companies understand which parts of dependency code they use and the nuances of that code. It also provides risk scoring to evaluate the developers behind dependencies and help clients better determine which software they should include. The last element of Endor Labs’ tech helps companies manage all their components and respond immediately to any incidents.

Founded in 2021, the platform has been operating in a private beta with companies ranging in size from 200 employees to 35,000.

Endor Labs’ main focus is ensuring that software developers can devote their full attention to product innovation without worrying about security along their software supply chain. The matter of open-source software safety has become so much of a concern that the Senate introduced the Securing Open Source Software Act last month. The bill aims to protect open-source software from cyberattacks as code reuse continues to occur.

“We think that the right way for the industry to move forward is for engineers to be able to actually maximize software reuse, focus on innovation and product development, and not be drowning in tens of thousands of [meaningless] alerts from security tools,” Badhwar said.

To achieve this goal, Endor Labs is putting its new capital to work. Its latest funding round came from investors including Lightspeed Venture Partners, Dell Technologies Capital and Sierra Ventures.

Endor Labs will invest the new capital in expanding its team as it advances its product roadmap. The company is actively hiring for sales, product and engineering roles with plans to grow its current team of 32 to more than 75 over the next 12 months, Badhwar said.
