Endor Labs Secures $70 Million Series A Funding

Endor Labs Secures $70 Million Series A Funding

The News: Endor Labs raised $70 million in an oversubscribed Series A funding round that included backing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, and Section 32, as well as more than 30 CEOs, CISOs, and CTOs. The vendor will invest the funding in research and development to further its Code and Pipeline Governance Platform, as well as in expanding its go-to-market reach in the channel and in EMEA. Additional information is available on the Endor Labs blog.

Endor Labs Secures $70 Million Series A Funding

Analyst Take: The market dynamics surrounding CI/CD and open-source pipeline security are rapidly evolving as businesses prioritize efficient and secure software development practices. Continuous Integration and Continuous Deployment (CI/CD) methodologies have gained immense popularity due to their ability to accelerate the development process and improve software delivery. However, with the increasing reliance on open-source components in pipelines, there is a growing need for robust security solutions to address potential vulnerabilities and ensure the integrity of the entire software supply chain. As a result, the demand for comprehensive and automated security tools in the CI/CD space continues to rise, presenting significant opportunities for innovative security providers.

Fresh from its launch 10 months ago, Endor Labs has secured $70 million in a Series A funding round. The investment capital will be applied in two key areas. The first is furthering research and development (R&D) initiatives to advancing development of the company’s Code and Pipeline Governance Platform, which was designed to streamline DevSecOps processes as they pertain to open-source software development. The second is facilitating go-to-market initiatives focused on expanding the company’s reach in the channel and in EMEA.

As The Futurum Group learned in conversation with Endor CEO Varun Badhwar, who was previously at Palo Alto Networks and built its cloud-native security business from scratch to over $300 million annual recurring revenue (ARR) in 3 years, with the vendor’s Code and Pipeline Governance Platform, Endor Labs aims to enable DevSecOps teams to meet security and compliance requirements, including creating a software bill of materials (SBOM) and addressing critical vulnerabilities, without impacting their productivity. Effectively, the objective is to bake security in as a default component of the CI/CD pipeline and to allow security policies to be enforced consistently, without hampering developer productivity.

Today’s developers use a host of open-source components and libraries as they script applications; in fact, according to Endor Labs, 90% of code in modern applications is open source. While speeding development operations by avoiding the need for developers to create everything from scratch, the tradeoff inherent in this approach is the creation of a plethora of dependencies that developers themselves might not even be privy to. As a result, as vulnerabilities arise, IT Operations and security teams might not be aware that an application is impacted, or they might end up spending extensive time prioritizing addressing a vulnerability that does not materially impact source code. According to Endor, only approximately 12% of open-source code that is brought in by developers ends up finding its way into source code. In other words, prioritizing risk mitigation initiatives has become practically impossible. With the criticality of agile development to business success, and the ongoing onslaught of cyber-attacks that capitalize on software vulnerabilities, this is a significant issue that Endor’s product tackles.

Among Endor’s differentiators are its focus on “dependency life cycle management,” that is, cataloging and tracking applications’ various dependencies, and applying a metrics-based risk score that can be used to prioritize and apply security policies. The concept is that comprehensively inventorying potential paths to vulnerabilities allows them to be prioritized and subsequently addressed.

Though only 2 years since its founding and 10 months since its launch, Endor is one of four finalists in Black Hat USA’s 2023 startup competition, occurring on August 9. The company has attracted a spate of large customers, including Five9, as well as an R&D staff, one-third of which is educated at the doctoral level. Fueled with the investment funding, Endor is well-poised to continue innovating around the pressing issue of managing application security vulnerabilities in a DevSecOps environment.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other Insights from The Futurum Group:

What Is Comprehensive Cyber-Resiliency? — Infrastructure Matters, Episode 4

Searching for That Good Restore Point

Cybersecurity is Everyone’s Job

Author Information

Krista Case is Research Director, Cybersecurity & Resilience at The Futurum Group. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

Steven engages with the world’s largest technology brands to explore new operating models and how they drive innovation and competitive edge.

SHARE:

Latest Insights:

Twilio’s Annual State of Customer Experience Report Finds That While Personalization Is Important, Brands Must Inspire Action, Earn Trust, and Keep Pace With Constant Change
Keith Kirkpatrick, Research Director at Futurum covers Twilio’s 2025 State of Customer Engagement Report, and shares his insights into the strategies brands and software vendors must take to drive more customer engagement and trust.
HP’s EliteBook AI PC Lineup, Co-Engineered With Intel, Delivers Quantifiable Productivity Gains Through Application-Level Tuning and Local AI Performance
Olivier Blanchard, Research Director at Futurum shares insights on how Intel and HP’s AI PCs deliver productivity gains through local AI workloads, with up to 223% faster app performance and privacy-first compute for enterprise users.
Lenovo Expands Its Hybrid AI Advantage Portfolio With New Services, Hardware, and Integrated Platforms Targeting Scalable Enterprise AI Deployment
Nick Patience, VP and AI Practice Lead at Futurum shares insights on Lenovo’s Hybrid AI Advantage expansion, helping enterprises scale AI through new infrastructure, vertical-specific solutions, and employee enablement services.
Zoho Expands Deep-Tech Capabilities with New Campus, Robotics Acquisition, and Startup Studio in Kerala
Keith Kirkpatrick, Research Director at Futurum, shares insights on Zoho’s R&D expansion in Kerala, including its robotics acquisition, startup studio partnership, and rural innovation strategy to build deep-tech capabilities in India.

Book a Demo

Thank you, we received your request, a member of our team will be in contact with you.