Microsoft has partnered with Endor Labs to integrate a software composition analysis tool into its Microsoft Cloud Defender platform, reports DevOps.
The move aims to enhance cloud-native application protection by providing deeper insights into vulnerabilities, helping development teams prioritize and reduce potential issues. Endor Labs’ analytic capabilities assess the impact of upgrading open-source packages and include features like Magic Patches, which allow DevSecOps teams to backport fixes without breaking applications.
According to Microsoft’s Security Product Manager Lara Goldstein, Endor Labs was chosen after evaluating multiple SCA tools due to its ability to deliver actionable insights into vulnerability reachability. This integration simplifies addressing both application and infrastructure security within a unified platform, improving attack path visualization from code to runtime. Microsoft said its future plans include integrating Endor Labs' tool with GitHub Copilot to provide AI-driven remediation guidance. Despite progress in adopting DevSecOps practices, challenges persist. A Techstrong Research survey reveals only 47% of organizations regularly employ best practices, though 59% are increasing investments in application security tools like code scanners.
