Endor Labs Secures Investment for Open Source Cybersecurity

More Than 30 Industry-Leading CISOs Personally Invest in Endor Labs’ Mission to Secure Open Source Software for App Development

Endor Labs is proud to announce a strategic investment from members of the Silicon Valley CISO Investments (SVCI) group, an angel syndicate powered by GGV Capital, a $9.2B global multi-stage VC firm, and one of the most highly regarded investment collectives in tech security. The investment followed a rigorous review of startups in the supply chain and open source security space. Security executives from Robert Half, Ross Stores, Chime, Adobe, BlackHawk, ICE, HashiCorp, Flexport and more have all chosen to take a personal stake in the new company.

“Endor Labs is tackling one of the most painful problems security and engineering teams face today: How do you accelerate development with open source software without exposing yourself to risk? This company features a world-class team of engineers and executives who have developed a unique approach with truly innovative technology, and the strong response from our members validates that they’re on to something big. We’re excited for our partnership!” — Oren Yunger, Partner at GGV Capital. 

Endor Labs’ Dependency Lifecycle Management Platform is designed to address the weakest link in software supply chain security: the ungoverned sprawl of open source software in the enterprise. Endor Labs’ mission is to help developers spend less time dealing with security issues and more time accelerating development through safe code reuse. With this solution, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.

Endor Labs goes beyond traditional methods of metadata and vulnerability scanning by using program analysis and call graphs to gain a deeper understanding of how dependencies are being used across the organization. This level of static analysis enables organizations to prioritize reachable and exploitable vulnerabilities. The ingestion and cross-referencing of call graph and SBOM data, along with CI/CD insights, also helps with the detection of risk patterns that would otherwise go unnoticed.

The company, co-founded by CEO Varun Badhwar and CTO Dimitri Stiliadis, has so far raised $25M from Lightspeed Venture Partners, Dell Technologies Capital, and Sierra Ventures, along with the latest endorsement from business leaders in SVCI. These include Nikesh Arora, CEO of Palo Alto Networks; Jay Chaudhry, CEO of Zscaler; Sanjay Beri, CEO of Netskope; Bipul Sinha, CEO of Rubrik; Aparna Bawa, COO of Zoom; and Sri Viswanathan, Former CTO of Atlassian.

“Endor Labs is doing the heavy lifting of bringing decades of academic work on program analysis and call graphs into the real world. This level of insight into how code is actually being used across the organization is going to be a game changer for both security and engineering teams.” — Niall Browne, CISO

"The talent speaks for itself: Endor Labs has attracted top data scientists who’ve been leading the research on dependency management, program analysis, and call graphs. Bringing these concepts to the real world provides an unprecedented level of visibility into how code is being used, and gives engineering teams a productivity boost as they maximize the potential of OSS even while enhancing security." — Roger Hale, CISO, Agora

Source: Endor Labs media announcement
