Endor Labs raises $70M to ease application security, streamline developer productivity

DevSecOps platform Endor Labs today announced the successful completion of its series A funding, with the company raising $70 million only 10 months after inception. The funding was led by Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital and Section 32, with support from more than 30 esteemed industry leaders, including CEOs, CISOs and CTOs.

Arif Janmohamed from Lightspeed, Sri Viswanath from Coatue (former CTO of Atlassian) and Deepak Jeevankumar from Dell Technologies Capital will join Endor Labs’ board, as announced by the company.

Endor Labs said the latest funding will enable it to develop efficient application security programs that eliminate the developer productivity tax.

“The new funding will help grow our existing capabilities and allow us to benefit other areas of the Software Development Lifecycle (SDLC), where AppSec can help developers ship secure code without a productivity tax,” Varun Badhwar, CEO and co-founder of Endor Labs, told VentureBeat. “We will continue investing in the channel and expanding our go-to-market initiatives globally.”

High-quality, secure OSS from the outset

Developers spend more than half of their time dealing with constant security alerts, integrating and maintaining security tools in continuous integration and continuous delivery (CI/CD) pipelines, and negotiating priorities and exceptions with security teams.

Endor Labs has built its foundation on open-source software (OSS) governance to address the pressing issue of over 90% of code in modern applications originating from OSS repositories.

The company aims to help teams select and maintain high-quality and secure OSS from the outset, substantially reducing 80% of vulnerability noise by accurately identifying reachable and exploitable risks that could genuinely impact operations.

“Our Code and Pipeline Governance Platform goes beyond known vulnerabilities to give security teams a way to measure security and operational risk,” Badhwar told VentureBeat. “The capability reduces false positives by up to 80% compared to traditional Software Composition Analysis (SCA) tools. The platform offers deep visibility into software inventory required for such analysis and also enables organizations to generate accurate Software Bills of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) documents in just a few clicks.”

Enhancing application security through increased threat visibility 

Badhwar emphasized that engineering teams face constant demands to deploy numerous AppSec tools in the CI/CD pipeline, burdening developers, impeding feature delivery and creating friction between engineering and security teams. He believes the solution lies in consolidating the DevSecOps toolchain, streamlining tool deployments and prioritizing critical risks.

The company focuses on surfacing risks that have a material impact while consolidating AppSec capabilities into one platform.

“Talented application developers were going on message boards and consulting other resources to ask about the safety of their software dependencies because they had virtually no visibility into the software packages they were using, or even how and where they were being used,” said Badhwar. “Security took a toll on productivity. At Endor Labs, we aim to address this challenge directly.”

He said the company addresses a crucial yet often overlooked security challenge: With increasing demand for customized applications, infrastructure attacks grow more sophisticated. Mandates call for enhanced protection, making this category increasingly significant.

“We help customers prioritize risks across open source code, CI/CD,” Badhwar explained. “Our customers have found that traditional SCA tools generate too much noise, while our approach focuses on surfacing reachable and exploitable risks. In the past few months, we’ve expanded our portfolio significantly to become the Code and Pipeline Governance Platform, focused on building effective application security programs that let security and development teams address the 20% of issues that cause 80% of the risk.”

Tackling the growing challenge of DevSecOps productivity 

Badhwar noted that 2023 marks the company’s first year of selling, during which Endor Labs has already secured notable customers including Five9, RocketLawyer, MileIQ, Cowbell and Navan.

“One of our customers is a large financial institution where developers were losing countless hours tracking vulnerabilities surfaced by the security teams. Our products have eliminated this inefficiency, reducing false positive alerts by 76%,” he added. “We believe that our company is meeting an urgent need. With the new funding, it’s time to go bigger and broader.”

Badhwar commended the increasing number of platform teams planning to integrate application security tools in the coming years. However, he cautioned that if this integration burdens developers with additional time and resources, as is evident with the current ‘productivity tax,’ the benefits may be nullified.

“We deliver the security without the tax — and in the process, we aim to bring positive disruption to the entire application development universe,” he explained. “Our goal is not only to enhance security in the software supply chain, but to ensure that heightened protection does not stifle innovation and new capabilities. Our technology is designed to strike that balance: AppSec specialists can focus on surfacing only the most crucial risks and gather the evidence necessary to communicate why these risks demand attention.”

What’s next for Endor Labs? 

Endor Labs is focused on addressing future AppSec challenges, Badhwar said, and developing corresponding solutions. Consequently, the company is expanding its core offerings to cover various security and governance issues.

He emphasized that the market is continually evolving, with new attack vectors, emerging security tools that may have both positive and negative impacts and a constant stream of well-intentioned mandates and regulations that can affect developer productivity.

Therefore, optimizing developer input remains an ongoing challenge and priority for the company, he said. 

“Our open-source community has always been vibrant and invaluable, and Endor Labs is committed to matching that output with continuous innovation,” Badhwar said. “In the future, you can expect more features from us to identify vulnerabilities, capabilities to reduce the attack surface and highlight significant risks, and enhanced mechanisms to ensure compliance with the latest regulations.”