Upgrades and remediation (Beta)

Security teams spend a lot of time and resources identifying and resolving the risks in their environment. However, many vulnerabilities can be resolved with a distinct set of actions, such as upgrading to higher versions. These few actions can significantly improve your security posture. Endor Labs provides holistic recommendations for your software updates so that you can manage risk based on actions, not just findings.

Updates are often treated as trivial. Sometimes a single-line change—bumping version 1.0.0 to 1.0.1—is enough to fix a vulnerability. However, even these simple updates can introduce hidden risks, such as breaking changes, bugs, performance regressions, or version constraints that must be addressed. This is a fundamental challenge of open-source software reuse: we innovate quickly, but upgrading to fix issues or use new features can require code refactoring to remain compatible.

Endor Labs upgrade and remediation workflows provide an end-to-end solution to help you discover, prioritize, and resolve risk using the following two key components:

Upgrade Impact Analysis: Identifies and recommends upgrades for your dependencies. By pinpointing the distinct actions that resolve your vulnerabilities and mitigate the risks associated with updates, your security program can make more informed risk management decisions and triage issues more effectively. See Upgrade impact analysis for more information.
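The "actions, not findings" idea above can be illustrated with a small planner that groups findings by package and computes the one upgrade that clears all of them, flagging a major-version bump as breaking-change risk. This is an added example written for this page, not Endor Labs code; the package names, finding identifiers and versions are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass


def parse_version(v: str) -> tuple[int, int, int]:
    """Parse a plain 'major.minor.patch' string into a comparable tuple."""
    major, minor, patch = (int(p) for p in v.split("."))
    return major, minor, patch


@dataclass(frozen=True)
class Finding:
    id: str        # constructed identifier, not a real advisory
    package: str
    fixed_in: str  # first version that contains the fix


def plan_upgrades(installed: dict[str, str], findings: list[Finding]) -> dict[str, dict]:
    """Return one upgrade action per affected package.

    The target is the highest 'fixed_in' among the package's open findings,
    so a single upgrade resolves all of them. Findings whose fix version is
    already installed are treated as resolved and dropped. A change in the
    major component is flagged, since semver permits incompatible API
    changes there (the kind of risk a backported patch avoids).
    """
    plan: dict[str, dict] = {}
    for pkg, current in installed.items():
        cur = parse_version(current)
        open_findings = [f for f in findings
                         if f.package == pkg and parse_version(f.fixed_in) > cur]
        if not open_findings:
            continue
        target = max((f.fixed_in for f in open_findings), key=parse_version)
        plan[pkg] = {
            "from": current,
            "to": target,
            "resolves": sorted(f.id for f in open_findings),
            "major_bump": parse_version(target)[0] > cur[0],
        }
    return plan


# Constructed sample data: a lockfile snapshot and four findings against it.
INSTALLED = {"libfoo": "1.4.2", "libbar": "2.0.0", "libbaz": "0.9.1"}
FINDINGS = [
    Finding("VULN-A", "libfoo", "1.4.3"),
    Finding("VULN-B", "libfoo", "1.5.0"),
    Finding("VULN-C", "libbar", "3.1.0"),
    Finding("VULN-D", "libbaz", "0.9.0"),  # already fixed in the installed version
]
```

Running `plan_upgrades(INSTALLED, FINDINGS)` yields two actions: libfoo 1.4.2 to 1.5.0 (clears VULN-A and VULN-B, minor bump) and libbar 2.0.0 to 3.1.0 (clears VULN-C, flagged as a major bump), while libbaz needs nothing.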

Endor Patches: Endor Labs backports security fixes to your packages, allowing you to minimize the impact of software updates. By using an Endor patch, you can update a library with a minimal, viable security patch that reduces the risk of breaking changes, bugs, or performance issues associated with a full upgrade. See Using Endor patches for more information.

The following diagram demonstrates an example of a vulnerability prioritization process performed by security teams:

[Diagram: Vulnerability Prioritization]