Building an Integrated DevSecOps Toolchain with Endor Labs

Endor Labs builds a complete graph of your software estate, so teams can pinpoint and fix critical risks in complex, dependency-rich code—whether written by humans or AI.

DevSecOps, an evolution of DevOps, integrates security practices into the Software Development Life Cycle (SDLC) to ensure that security is a shared responsibility across development, operations, and security teams.

Within the context of DevOps Flow, DevSecOps aligns with the principles of optimizing throughput—the rate at which valuable deliverables reach production—by embedding security into workflows, leveraging automation, and fostering collaboration to address bottlenecks, such as those introduced by standalone testing departments or manual security processes.

Integrate security practices early in the SDLC, from requirements gathering to coding and testing, rather than treating security as a late-stage gate. This includes writing secure code, conducting static code analysis, and embedding security tests in CI/CD pipelines.

Automate Security Testing

Integrations embed Endor Labs’ capabilities—such as reachability-based Software Composition Analysis (SCA), Static Application Security Testing (SAST), container scanning, and secrets detection—directly into the workflows and platforms developers and security teams already use, minimizing context switching and streamlining vulnerability management across the software development lifecycle (SDLC).

A key integration is with GitHub Advanced Security, which allows developers to view and remediate SCA alerts within the GitHub interface, leveraging tools like Dependabot for automated dependency updates and Endor Patches for precise fixes. This integration supports open-source dependency scoring based on over 150 checks for security, legal, popularity, activity, and quality, defending against risks like typosquatting and malicious dependencies.

Similarly, Endor Labs integrates with Microsoft Defender for Cloud, providing reachability analysis and attack path visibility directly in the Defender console.

This enables security teams to prioritize exploitable vulnerabilities across codebases and runtime environments, correlating findings from Azure DevOps, GitHub, or GitLab to cloud workloads on Azure, AWS, or Google Cloud.

For CI/CD pipelines, Endor Labs integrates with platforms like GitLab, CircleCI, Jenkins, and Bitbucket, embedding security checks into build processes.

Alignment with DevOps Flow

The platform generates accurate Software Bill of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) documents, supporting compliance with standards like PCI DSS and FedRAMP.

Endor Labs’ reachability analysis further enhances automation by prioritizing vulnerabilities based on their exploitability, using the Endor Score to assess risk across security, activity, popularity, and code quality metrics.
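The two paragraphs above describe prioritizing findings by reachability and exporting SBOM and VEX documents. The following is an added example, not Endor Labs code: a small CI gate that joins a CycloneDX SBOM with a CycloneDX VEX document, drops findings the VEX marks as resolved or not affected (including those ruled out with the `code_not_reachable` justification), ranks what is left with reachable findings first, and decides whether the build should fail. The SBOM, VEX, package names and CVE ids are constructed placeholders, and the severity threshold and blocking policy are assumptions for illustration.

```python
"""Gate a CI build on reachable, unresolved vulnerabilities from a CycloneDX VEX.

Added example, not Endor Labs code. The SBOM and VEX below are constructed
sample documents; package names and CVE ids are placeholders.
"""
import json

# Constructed CycloneDX SBOM fragment: the VEX references components by bom-ref.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"bom-ref": "pkg:pypi/examplelib@1.2.0", "name": "examplelib",
         "version": "1.2.0", "purl": "pkg:pypi/examplelib@1.2.0"},
        {"bom-ref": "pkg:pypi/otherlib@0.9.1", "name": "otherlib",
         "version": "0.9.1", "purl": "pkg:pypi/otherlib@0.9.1"},
        {"bom-ref": "pkg:pypi/thirdlib@4.0.0", "name": "thirdlib",
         "version": "4.0.0", "purl": "pkg:pypi/thirdlib@4.0.0"},
    ],
})

# Constructed CycloneDX VEX: one reachable (exploitable) finding, one ruled out
# by reachability analysis, one already resolved, and one still in triage.
SAMPLE_VEX = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "vulnerabilities": [
        {"id": "CVE-0000-0001",
         "ratings": [{"severity": "critical", "score": 9.8, "method": "CVSSv31"}],
         "analysis": {"state": "exploitable",
                      "detail": "vulnerable function is called from an entry point"},
         "affects": [{"ref": "pkg:pypi/examplelib@1.2.0"}]},
        {"id": "CVE-0000-0002",
         "ratings": [{"severity": "high", "score": 7.5, "method": "CVSSv31"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"},
         "affects": [{"ref": "pkg:pypi/otherlib@0.9.1"}]},
        {"id": "CVE-0000-0003",
         "ratings": [{"severity": "medium", "score": 5.3, "method": "CVSSv31"}],
         "analysis": {"state": "resolved"},
         "affects": [{"ref": "pkg:pypi/examplelib@1.2.0"}]},
        {"id": "CVE-0000-0004",
         "ratings": [{"severity": "high", "score": 8.1, "method": "CVSSv31"}],
         "analysis": {"state": "in_triage"},
         "affects": [{"ref": "pkg:pypi/thirdlib@4.0.0"}]},
    ],
})

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1,
                 "info": 0, "none": 0, "unknown": 0}

# CycloneDX analysis states that mean "nothing to do" for this build.
SUPPRESSED_STATES = {"not_affected", "resolved", "resolved_with_pedigree", "false_positive"}


def _severity(vuln):
    """Highest severity rank across a vulnerability's ratings (0 if none)."""
    ranks = [SEVERITY_RANK.get(r.get("severity", "unknown"), 0) for r in vuln.get("ratings", [])]
    return max(ranks, default=0)


def prioritize(sbom_json, vex_json):
    """Return actionable findings, reachable ones first, then by severity."""
    components = {c["bom-ref"]: c for c in json.loads(sbom_json).get("components", [])}
    actionable = []
    for vuln in json.loads(vex_json).get("vulnerabilities", []):
        analysis = vuln.get("analysis", {})
        state = analysis.get("state", "in_triage")  # no analysis yet: treat as in triage
        if state in SUPPRESSED_STATES:
            continue
        for target in vuln.get("affects", []):
            comp = components.get(target["ref"], {})
            actionable.append({
                "id": vuln["id"],
                "package": f"{comp.get('name', target['ref'])}@{comp.get('version', '?')}",
                "severity_rank": _severity(vuln),
                "state": state,
                "reachable": state == "exploitable",
            })
    actionable.sort(key=lambda f: (f["reachable"], f["severity_rank"]), reverse=True)
    return actionable


def build_should_fail(findings, threshold="high"):
    """Policy (an assumption): block only on confirmed-reachable findings at or
    above the threshold; in-triage findings are reported but do not block, so
    unverified noise does not stall flow."""
    limit = SEVERITY_RANK[threshold]
    return any(f["reachable"] and f["severity_rank"] >= limit for f in findings)


def suppressed_by_reachability(vex_json):
    """Ids the VEX rules out as unreachable, kept for the audit trail."""
    return [v["id"] for v in json.loads(vex_json).get("vulnerabilities", [])
            if v.get("analysis", {}).get("state") == "not_affected"
            and v["analysis"].get("justification") == "code_not_reachable"]


if __name__ == "__main__":
    findings = prioritize(SAMPLE_SBOM, SAMPLE_VEX)
    for f in findings:
        print(f"{f['id']:15} {f['package']:22} reachable={f['reachable']} state={f['state']}")
    print("suppressed by reachability:", suppressed_by_reachability(SAMPLE_VEX))
    raise SystemExit(1 if build_should_fail(findings) else 0)
```

Run as a pipeline step, the script exits non-zero only when a finding marked `exploitable` meets the severity threshold, which is the behaviour a reachability-based gate needs: unreachable and resolved findings never block, while in-triage findings stay visible in the log without stopping the build. Keeping the suppressed ids alongside the VEX justification is what lets an auditor later confirm why a known CVE in the SBOM was allowed through.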

Automation addresses the manual testing bottleneck of standalone departments, increasing flow velocity and efficiency. Shift-left security reduces late defect detection, a bottleneck in traditional SDLCs, by catching vulnerabilities early, aligning with Agile’s iterative quality checks and Lean’s waste elimination. It minimizes rework, reducing flow time (a Flow Metric) and increasing throughput.

Endor Labs + Oligo

As described here, integrating Endor Labs’ software supply chain security with Oligo’s runtime security enhances DevSecOps by addressing vulnerabilities across the Software Development Life Cycle (SDLC).

The integration aligns with DevOps Flow’s goal of optimizing throughput by eliminating bottlenecks, such as those from standalone testing departments, through AI-native and cloud-native approaches. Endor Labs uses reachability analysis to prioritize exploitable vulnerabilities in open-source software (OSS), reducing noise by 92% and focusing developers on critical risks.

Oligo’s runtime security provides real-time threat detection and blocking, using eBPF to monitor application behavior without impacting performance. Together, they create a feedback loop: Endor Labs identifies vulnerabilities during development, and Oligo validates and protects at runtime, ensuring secure code and runtime alignment.

The integration automates remediation with Endor Patches, backporting fixes to older OSS versions, and supports compliance through SBOMs and VEX documents.
