AURI for Developers

Secure your code where you write it

Fix vulnerabilities, detect secrets, and block malicious dependencies in your AI coding workflow.
Trusted by the world's best engineering teams
Cursor, Dropbox, Glean, OpenAI, MongoDB, Peloton, Robinhood, Rubrik
Quick start

Get running in under 60 seconds

Model Context Protocol (MCP)

Pick your IDE, copy the config, and you're scanning. No account, no sign-up, no credit card. The MCP Server authenticates via your browser on first run.

1. Add the Config

Install in Cursor with one click
Or add manually to .cursor/mcp.json
{
  "mcpServers": {
    "endor-cli-tools": {
      "command": "npx",
      "args": [
        "-y",
        "endorctl",
        "ai-tools",
        "mcp-server"
      ]
    }
  }
}
Downloads endorctl automatically on first run. Your code never leaves your machine.
Copy and paste the following configuration directly into your MCP configuration file.
claude mcp add endor-cli-tools -- npx -y endorctl ai-tools mcp-server
Copy and paste the following configuration directly into your MCP configuration file.
codex mcp add endor-cli-tools -- npx -y endorctl ai-tools mcp-server
Install in VS Code with one click
Or add manually to .cursor/mcp.json
{
  "servers": {
    "endor-cli-tools": {
      "command": "npx",
      "args": [
        "-y",
        "endorctl",
        "ai-tools",
        "mcp-server"
      ]
    }
  }
}
Copy and paste the following configuration directly into your MCP configuration file.
gemini mcp add endor-cli-tools -- npx -y endorctl ai-tools mcp-server
2. Start Scanning

Scan all the OSS dependencies in my project for risk using Endor Labs MCP
Scanning 142 dependencies across 3 manifests.
3 critical vulnerabilities found in transitive deps
1 malicious package detected: event-stream@3.3.6
138 dependencies are clean
"Implementing Endor Labs is easy. I had exactly what I needed between the docs, CLI tool, a GitHub Action, and a GitHub app — all readily available."
Alex Olea
DevSecOps Engineer, Starburst
See it in action

What it looks like in your workflow

What’s Free with

Feature
AURI for Developers
Paid Plans
Detect and fix vulnerabilities in code
Detect and fix exposed secrets
Detect and fix open source vulnerabilities
Detect and block malicious packages
Review PRs with AI Security Code Review
Reduce noise with full-stack reachability
Identify upgrades that won’t break your code
Use REST API to build integrations
Create and enforce policies
Dashboard and compliance reporting
Enterprise Setup
Already have an Endor Labs account?

Connect your developer tools to your organization's namespace, policies, and centralized reporting.

Authenticate with an API key or enterprise SSO

Set your namespace

Centralized reporting and policy enforcement

Team management and SIEM integrations

Skills Plugin

Install the Skills plugin with a single command to run a full-stack security review covering code, secrets, open-source dependencies, and container images.

bash
npx skills add endorlabs/ai-plugins

Command Line Interface (CLI)

Use the Endor Labs CLI to run security scans locally, integrate into your own scripts, and build scanning into CI scripts.

bash
brew install endorlabs/tap/endorctl
brew install endorctl
bash
npm install -g endorctl
bash
# Download the latest CLI for Linux amd64
curl https://api.endorlabs.com/download/latest/endorctl_linux_amd64 -o endorctl

# Verify the checksum of the binary
echo "$(curl -s https://api.endorlabs.com/sha/latest/endorctl_linux_amd64)  endorctl" | sha256sum -c

# Modify the permissions of the binary to ensure it is executable
chmod +x ./endorctl
    
# Create an alias so endorctl is available from other directories
alias endorctl="$PWD/endorctl"
bash
# Download the latest CLI for Windows amd64
curl -O https://api.endorlabs.com/download/latest/endorctl_windows_amd64.exe

# Check the expected checksum of the binary file
curl https://api.endorlabs.com/sha/latest/endorctl_windows_amd64.exe

# Verify the expected checksum and the actual checksum of the binary match
certutil -hashfile .\endorctl_windows_amd64.exe SHA256

# Rename the binary file
ren endorctl_windows_amd64.exe endorctl.exe
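The Linux download-and-verify steps above, written as a fail-closed shell function so the binary is made executable and moved into place only when the checksum matches. This is an added example, not Endor Labs' own script; `verify_sha256` and `install_verified` are illustrative names, not endorctl commands.

```shell
#!/usr/bin/env bash
# Added example: fail-closed variant of the Linux download-and-verify steps.
# verify_sha256 and install_verified are illustrative names, not endorctl commands.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only if EXPECTED_HEX is a well-formed SHA-256 digest that matches FILE.
# Returns 2 for a malformed digest, 3 for an unreadable file, 1 for a mismatch.
verify_sha256() {
  local file="$1" expected="$2" actual
  # Reject empty or non-hex input, e.g. an HTML error page returned instead of a hash.
  case "$expected" in
    *[!0-9a-fA-F]*|"") return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 2
  [ -f "$file" ] || return 3
  actual=$(sha256sum "$file" | cut -d' ' -f1) || return 3
  # sha256sum prints lowercase hex; normalise the expected value before comparing.
  [ "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" = "$actual" ]
}

# install_verified URL SHA_URL DEST
# Downloads to a temp file and installs to DEST only after verification succeeds.
install_verified() {
  local url="$1" sha_url="$2" dest="$3" tmp expected
  tmp=$(mktemp) || return 1
  # -f: treat HTTP errors as failures; --proto '=https': refuse non-HTTPS URLs.
  # Redirects are not followed, matching the curl commands on the page.
  if curl -fsS --proto '=https' "$url" -o "$tmp" &&
     expected=$(curl -fsS --proto '=https' "$sha_url") &&
     verify_sha256 "$tmp" "$expected"; then
    chmod +x "$tmp" && mv "$tmp" "$dest"
  else
    rm -f "$tmp"
    echo "download or checksum verification failed; nothing installed" >&2
    return 1
  fi
}

# Usage with the URLs from the page:
# install_verified \
#   https://api.endorlabs.com/download/latest/endorctl_linux_amd64 \
#   https://api.endorlabs.com/sha/latest/endorctl_linux_amd64 \
#   ./endorctl
```

A checksum fetched from the same host as the binary catches corrupted or truncated downloads; it does not help if that host itself serves a tampered file.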
"I truly love what Endor Labs does to the security landscape. My brain explodes every time I see a new feature being rolled out. For example, the recent C/C++ support got me wondering how they managed to solve this for a language without a standard package manager and manifest file support."
Mohanraj Ravichandran
Product Security Engineer, Netskope
What is the Developer Edition?

Developer Edition is a free tier that gives individual developers access to the AURI MCP Server and CLI. It includes SAST, SCA, secrets detection, and malicious open source package detection — the core scanning capabilities you need to write secure code from day one.

What does the MCP Server actually do?

The MCP Server connects AURI's security intelligence to your AI coding assistant. When you or your AI writes code, the server scans for vulnerabilities, insecure patterns, hardcoded secrets, and risky dependencies in real time — then helps fix them inline, right where you're working.

Which editors and tools are supported?

The MCP server works with Cursor, VS Code, Windsurf, Claude Code, and any MCP-compatible client. It also integrates with asynchronous AI tools like GitHub Copilot and OpenAI Codex for agent-driven workflows.

Is Developer Edition really free?

Yes. Developer Edition requires no credit card and no paid subscription. You authenticate once via GitHub, GitLab, or Google and you're up and running. There's no trial period — it's free to use, forever.

What kinds of scans does it run?

Developer Edition includes four core scan types: static application security testing (SAST) for code-level issues, software composition analysis (SCA) for dependency vulnerabilities, secrets detection for exposed credentials, and malicious package detection to catch supply chain attacks before they reach your environment.

Does my code leave my machine?

No. All scans run locally. The MCP Server accesses AURI's vulnerability database for intelligence (read-only), but your source code stays on your machine and is never uploaded to Endor Labs' platform.

How is this different from other free security MCP servers?

Most free MCP servers focus on code scanning alone. The AURI Developer Edition is the only free offering that combines code scanning (SAST and secrets) with full supply chain security — including CVE detection and malicious open source package identification in your dependencies.

Do I need to install anything besides the MCP Server?

No. The MCP Server fetches everything it needs on demand, including the Endor Labs CLI. There's no separate installation step, no pre-configuration, and no dependency management required to get started.

Can I use Developer Edition with my team?

Developer Edition is designed for individual developers. If your team needs shared policies, centralized reporting, or platform-level visibility, Endor Labs offers team and enterprise tiers that build on the same scanning engine with collaboration and governance features.

What's the difference between Developer Edition and the full Endor Labs platform?

Developer Edition gives you the core scanning tools — MCP Server and CLI — with default security policies and local-only results. The full platform adds a web UI, custom policies, centralized reporting, team management, and integrations with SIEM and vulnerability management tools for organization-wide security programs.

Speed AND security. The best teams code without compromise.