{"id":82400,"date":"2025-02-07T09:00:17","date_gmt":"2025-02-07T17:00:17","guid":{"rendered":"https:\/\/github.blog\/?p=82400"},"modified":"2025-02-07T10:45:39","modified_gmt":"2025-02-07T18:45:39","slug":"from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca","status":"publish","type":"post","link":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/","title":{"rendered":"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><p>It&rsquo;s no wonder developers are increasingly overwhelmed. The number of <a href=\"https:\/\/github.blog\/security\/supply-chain-security\/securing-the-open-source-supply-chain-the-essential-role-of-cves\/\">new CVEs published each year<\/a> has increased by nearly 500% in the last decade. And the average project, with just 10 direct dependencies, can have hundreds of indirect dependencies. Put simply, developers are often buried under a mountain of security alerts and unable to prioritize which ones to remediate first.<\/p>\n<p>While high-profile supply chain attacks like last year&rsquo;s XZ Utils backdoor tend to capture attention, the danger they pose is just a fraction of the overall threat landscape. 
The bigger risk often comes from unpatched vulnerabilities in lesser-known open source dependencies.<\/p>\n<p>GitHub&rsquo;s partnership with Endor Labs cuts through the noise to help developers <em>accurately<\/em> identify, remediate, and fix the most critical vulnerabilities&mdash;without ever leaving GitHub.<\/p>\n<aside class=\"p-4 p-md-6 post-aside--large\"><p class=\"h5-mktg gh-aside-title\">Fixes in minutes, not months<\/p><p>GitHub Advanced Security helps teams eliminate security debt and prevent new vulnerabilities with AI-powered remediation, static analysis, secret scanning, and software composition analysis.<\/p>\n<p><a href=\"https:\/\/github.com\/enterprise\/advanced-security?utm_source=github_blog&amp;utm_medium=endor_labs_github_advanced_security&amp;utm_campaign=announcement\">Learn about GitHub Advanced Security &gt;<\/a><\/p>\n<\/aside>\n<p>With Endor Labs software composition analysis (SCA) integrated into GitHub Advanced Security and Dependabot, development teams can dismiss up to 92% of low-risk dependency security alerts to focus instead on the vulnerabilities that matter most.<\/p>\n<figure id=\"attachment_82484\"  class=\"wp-caption aligncenter mx-0\"><img data-recalc-dims=\"1\" decoding=\"async\" width=\"1250\" height=\"499\" loading=\"lazy\" src=\"https:\/\/github.blog\/wp-content\/uploads\/2025\/02\/code-scanning.png?resize=1250%2C499\" alt=\"A GitHub code scanning page shows several active vulnerabilities from GitHub&rsquo;s advisory database labeled 'Critical' by Endor Labs.\" class=\"width-fit size-full wp-image-82484 width-fit\" srcset=\"https:\/\/github.blog\/wp-content\/uploads\/2025\/02\/code-scanning.png?w=1250 1250w, https:\/\/github.blog\/wp-content\/uploads\/2025\/02\/code-scanning.png?w=300 300w, https:\/\/github.blog\/wp-content\/uploads\/2025\/02\/code-scanning.png?w=768 768w, https:\/\/github.blog\/wp-content\/uploads\/2025\/02\/code-scanning.png?w=1024 1024w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" 
\/><figcaption class=\"text-mono color-fg-muted mt-14px f5-mktg\">Prioritize Endor Labs findings in GitHub based on function-level vulnerability reachability for both direct and transitive dependencies.<\/figcaption><\/figure>\n<h2 id=\"how-it-works\"><a class=\"heading-link\" href=\"#how-it-works\">How it works<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h2>\n<h3 id=\"endor-labs-sca-brings-context-into-open-source-vulnerability-detection\"><a class=\"heading-link\" href=\"#endor-labs-sca-brings-context-into-open-source-vulnerability-detection\">Endor Labs SCA brings context into open source vulnerability detection<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h3>\n<p>Endor Labs SCA helps identify and prioritize dependency vulnerabilities by their potential impact, according to factors like reachability, exploitability, and more. For example, Endor Labs checks whether the vulnerable function of a given dependency is actually reachable by your application or is just sitting in an unused corner of a transitive dependency. 
Security teams can also configure risk, licensing, and permission profiles to ensure developers are not bothered unless the risk truly warrants it.<\/p>\n<div class=\"mod-vh position-relative\" style=\"height: 0; padding-bottom: calc((9 \/ 16)*100%);\">\n\t\t\t<iframe loading=\"lazy\" class=\"position-absolute top-0 left-0 width-full height-full\" src=\"https:\/\/www.youtube.com\/embed\/kZFymzYHmPk?version=3&amp;rel=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;fs=1&amp;hl=en-US&amp;autohide=2&amp;wmode=transparent\" title=\"YouTube video player\" allow=\"accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen=\"\" frameborder=\"0\"><\/iframe>\n\t\t<\/div>\n<h3 id=\"prioritize-and-fix-open-source-vulnerabilities-with-github\"><a class=\"heading-link\" href=\"#prioritize-and-fix-open-source-vulnerabilities-with-github\">Prioritize and fix open source vulnerabilities with GitHub<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h3>\n<p>GitHub Advanced Security integrates crucial security practices directly into the development workflow, offering developers a streamlined way to secure their code. Its features are free for open source maintainers, including dependency review, secret scanning, code scanning, and Copilot Autofix.<\/p>\n<p>Dependabot, available for free to all GitHub users, automates dependency updates, so you can spend more time building. 
Developers can remediate vulnerabilities by merging Dependabot-authored pull requests with the click of a button or by applying Endor Patches.<\/p>\n<h3 id=\"secure-your-automated-workflows\"><a class=\"heading-link\" href=\"#secure-your-automated-workflows\">Secure your automated workflows<span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h3>\n<p>GitHub Actions makes it easy to automate all your software workflows, whether you want to build a container, deploy a web service, or welcome new users to your open source project. These actions are often updated with bug fixes and new features, which can take time to maintain.<\/p>\n<p>Endor Labs automatically discovers in-use actions and their dependencies to ensure they fit your risk, licensing, and permission profiles. Dependabot automatically updates your dependencies, and <a href=\"https:\/\/docs.github.com\/en\/code-security\/code-scanning\">code scanning<\/a> helps identify existing workflow configuration vulnerabilities and prevent new ones.<\/p>\n<aside class=\"p-4 p-md-6 post-aside--large\"><p class=\"h5-mktg gh-aside-title\">Achieve SLSA3 compliance with GitHub Actions and Artifact Attestations<\/p><p>With GitHub Actions, you can build, test, and deploy your code right from GitHub. <a href=\"https:\/\/github.blog\/changelog\/2024-06-25-artifact-attestations-is-generally-available\/\">Artifact Attestations<\/a> let you create provenance signatures, which provide an unforgeable paper trail that links your artifact back to its originating workflow run. Gate deployments through attestation verification to ensure that what you deploy is exactly what you built, guaranteeing that the artifact has not been tampered with. 
This significantly mitigates the most common attack vectors targeting your build pipelines.<\/p>\n<\/aside>\n<div class=\"post-content-cta\"><p><strong>Get started<\/strong><br \/>\n<a href=\"https:\/\/www.endorlabs.com\/demo-request-github#hero\">Sign up with Endor Labs<\/a> and learn more about <a href=\"https:\/\/docs.endorlabs.com\/deployment\/monitoring-scans\/github-app\/\">getting started with the Endor Labs GitHub App<\/a>.<\/p>\n<\/div>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.<\/p>\n","protected":false},"author":1690,"featured_media":80095,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_gh_post_show_toc":"yes","_gh_post_is_no_robots":"no","_gh_post_is_featured":"yes","_gh_post_is_excluded":"no","_gh_post_is_unlisted":"no","_gh_post_related_link_1":"","_gh_post_related_link_2":"","_gh_post_related_link_3":"","_gh_post_sq_img":"","_gh_post_sq_img_id":"","_gh_post_cta_title":"","_gh_post_cta_text":"","_gh_post_cta_link":"","_gh_post_cta_button":"Click Here to Learn 
More","_gh_post_recirc_hide":"no","_gh_post_recirc_col_1":"78957","_gh_post_recirc_col_2":"78959","_gh_post_recirc_col_3":"78961","_gh_post_recirc_col_4":"65316","_featured_video":"","_gh_post_additional_query_params":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false,"_links_to":"","_links_to_target":""},"categories":[91],"tags":[2183],"coauthors":[2026,3516],"class_list":["post-82400","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-ghas"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA - The GitHub Blog<\/title>\n<meta name=\"description\" content=\"The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA\" \/>\n<meta property=\"og:description\" content=\"The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically 
reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/\" \/>\n<meta property=\"og:site_name\" content=\"The GitHub Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-07T17:00:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-07T18:45:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/github.blog\/wp-content\/uploads\/2024\/09\/Security-LightMode-3-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Mario Rodriguez, Varun Badhwar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mario Rodriguez, Varun Badhwar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/\"},\"author\":{\"name\":\"Mario Rodriguez\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/ed711f3458e27acbbf08f5059ff6c85d\"},\"headline\":\"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA\",\"datePublished\":\"2025-02-07T17:00:17+00:00\",\"dateModified\":\"2025-02-07T18:45:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/\"},\"wordCount\":645,\"image\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/Security-LightMode-3-1.png?fit=1200%2C630\",\"keywords\":[\"GHAS\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/\",\"url\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/\",\"name\":\"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA - The GitHub 
Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/Security-LightMode-3-1.png?fit=1200%2C630\",\"datePublished\":\"2025-02-07T17:00:17+00:00\",\"dateModified\":\"2025-02-07T18:45:39+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/ed711f3458e27acbbf08f5059ff6c85d\"},\"description\":\"The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/#primaryimage\",\"url\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/Security-LightMode-3-1.png?fit=1200%2C630\",\"contentUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/Security-LightMode-3-1.png?fit=1200%2C630\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/github.blog\\\/security\\\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\\\/#breadcrumb\",\"ite
mListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/github.blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/github.blog\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/github.blog\\\/#website\",\"url\":\"https:\\\/\\\/github.blog\\\/\",\"name\":\"The GitHub Blog\",\"description\":\"Updates, ideas, and inspiration from GitHub to help developers build and design software.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/github.blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/ed711f3458e27acbbf08f5059ff6c85d\",\"name\":\"Mario Rodriguez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ae163c5d1404480730e3d3e100f8e50fcc42bc9e1b725070a32ad8c1fa67e027?s=96&d=mm&r=ge1fbe8d07cea2f0f4899d0987d264cd7\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ae163c5d1404480730e3d3e100f8e50fcc42bc9e1b725070a32ad8c1fa67e027?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ae163c5d1404480730e3d3e100f8e50fcc42bc9e1b725070a32ad8c1fa67e027?s=96&d=mm&r=g\",\"caption\":\"Mario Rodriguez\"},\"description\":\"Mario Rodriguez leads the GitHub Product team as Chief Product Officer. His core identity is being a learner and his passion is creating developer tools\u2014so much so that he has spent the last 20 years living that mission in leadership roles across Microsoft and GitHub. 
Mario most recently oversaw GitHub\u2019s AI strategy and the GitHub Copilot product line, launching and growing Copilot across thousands of organizations and millions of users. Mario spends time outside of GitHub with his wife and two daughters. He also co-chairs and founded a charter school in an effort to progress education in rural regions of the United States.\",\"url\":\"https:\\\/\\\/github.blog\\\/author\\\/mariorod\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA - The GitHub Blog","description":"The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/","og_locale":"en_US","og_type":"article","og_title":"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA","og_description":"The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.","og_url":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/","og_site_name":"The GitHub Blog","article_published_time":"2025-02-07T17:00:17+00:00","article_modified_time":"2025-02-07T18:45:39+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/github.blog\/wp-content\/uploads\/2024\/09\/Security-LightMode-3-1.png","type":"image\/png"}],"author":"Mario Rodriguez, Varun 
Badhwar","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mario Rodriguez, Varun Badhwar","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/#article","isPartOf":{"@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/"},"author":{"name":"Mario Rodriguez","@id":"https:\/\/github.blog\/#\/schema\/person\/ed711f3458e27acbbf08f5059ff6c85d"},"headline":"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA","datePublished":"2025-02-07T17:00:17+00:00","dateModified":"2025-02-07T18:45:39+00:00","mainEntityOfPage":{"@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/"},"wordCount":645,"image":{"@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2024\/09\/Security-LightMode-3-1.png?fit=1200%2C630","keywords":["GHAS"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/","url":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/","name":"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA - The GitHub 
Blog","isPartOf":{"@id":"https:\/\/github.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/#primaryimage"},"image":{"@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2024\/09\/Security-LightMode-3-1.png?fit=1200%2C630","datePublished":"2025-02-07T17:00:17+00:00","dateModified":"2025-02-07T18:45:39+00:00","author":{"@id":"https:\/\/github.blog\/#\/schema\/person\/ed711f3458e27acbbf08f5059ff6c85d"},"description":"The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.","breadcrumb":{"@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/#primaryimage","url":"https:\/\/github.blog\/wp-content\/uploads\/2024\/09\/Security-LightMode-3-1.png?fit=1200%2C630","contentUrl":"https:\/\/github.blog\/wp-content\/uploads\/2024\/09\/Security-LightMode-3-1.png?fit=1200%2C630","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/github.blog\/security\/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/github.blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/github.blog\/security\/"},{"@type":"ListItem","po
sition":3,"name":"From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA"}]},{"@type":"WebSite","@id":"https:\/\/github.blog\/#website","url":"https:\/\/github.blog\/","name":"The GitHub Blog","description":"Updates, ideas, and inspiration from GitHub to help developers build and design software.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/github.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/github.blog\/#\/schema\/person\/ed711f3458e27acbbf08f5059ff6c85d","name":"Mario Rodriguez","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/ae163c5d1404480730e3d3e100f8e50fcc42bc9e1b725070a32ad8c1fa67e027?s=96&d=mm&r=ge1fbe8d07cea2f0f4899d0987d264cd7","url":"https:\/\/secure.gravatar.com\/avatar\/ae163c5d1404480730e3d3e100f8e50fcc42bc9e1b725070a32ad8c1fa67e027?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ae163c5d1404480730e3d3e100f8e50fcc42bc9e1b725070a32ad8c1fa67e027?s=96&d=mm&r=g","caption":"Mario Rodriguez"},"description":"Mario Rodriguez leads the GitHub Product team as Chief Product Officer. His core identity is being a learner and his passion is creating developer tools\u2014so much so that he has spent the last 20 years living that mission in leadership roles across Microsoft and GitHub. Mario most recently oversaw GitHub\u2019s AI strategy and the GitHub Copilot product line, launching and growing Copilot across thousands of organizations and millions of users. Mario spends time outside of GitHub with his wife and two daughters. 
He also co-chairs and founded a charter school in an effort to progress education in rural regions of the United States.","url":"https:\/\/github.blog\/author\/mariorod\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/github.blog\/wp-content\/uploads\/2024\/09\/Security-LightMode-3-1.png?fit=1200%2C630","jetpack_shortlink":"https:\/\/wp.me\/pamS32-lr2","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/82400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/users\/1690"}],"replies":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/comments?post=82400"}],"version-history":[{"count":38,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/82400\/revisions"}],"predecessor-version":[{"id":82402,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/82400\/revisions\/82402"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media\/80095"}],"wp:attachment":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media?parent=82400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/categories?post=82400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/tags?post=82400"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/coauthors?post=82400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}