AURI for Developers

Built for agents.
Zero distractions for developers.

AURI integrates security intelligence directly into your AI coding workflow, catching flaws, exposed secrets, and malicious dependencies so you can build without worrying about security.
Always free for developers. Get started now.
Secure by default
AURI spots vulnerabilities and suggests fixes as you work, so issues get caught and fixed before commit, not in code review.
Supply chain protection
Protect your machines, secrets, and code from malicious OSS packages before they execute.
Backlog Reduction
Delivers accurate, context-aware fixes based on your codebase, not generic suggestions.
"Over 97% of vulnerabilities flagged by our previous tool weren't reachable in our application. AURI by Endor Labs shows the few impactful vulnerabilities, so we can patch quickly, focusing on what matters."
Travis McPeak
Security, Cursor

How it works

Skills
All the skills you need
Install the Claude Skills plugin to run a full-stack code review covering code, secrets, open-source dependencies, Dockerfiles, and container images.
Apply patches and fix dependencies without breaking your code
Research safe OSS dependencies and AI models
Work without leaving your editor—no context switching between different tools and dashboards
Command line interface showing results of a repository reachability scan with summary of findings and prompt to start remediating P0 findings using /endor-fix skill.
Code snippet of a JSON configuration defining an mcpServers object with endor-cli-tools containing type stdio, command endorctl, and args array with ai-tools and mcp-server.
Model Context Protocol (MCP)
Quickly integrate into AI code editors
AURI connects directly to your AI code editor of choice through MCP, giving agents the security context they need to write safe code.
Scans for vulnerabilities, hardcoded secrets, and insecure patterns
Flags risky open source dependencies
Provides safe upgrade recommendations
Fixes happen inline, right where you're working
CLI
Automate workflows with scripts
Use the Endor Labs CLI to run security scans locally, integrate into your own scripts, and build scanning into CI scripts.
Run SCA, SAST, and secrets scans directly from your terminal against any project or repository.
Pipe scan results into other tools or custom scripts for downstream processing and automation.
Scan before you commit or push, adding a lightweight security gate to your existing Git workflow.
Terminal window on a dark green background showing a command line with text: 'astiefel@Andrews-MacBook-Pro ~ % endorctl endorctl scan --pr'.
Terminal window showing a curl command with headers for Authorization, Accept-Encoding, Request-Timeout, and a data-urlencode filter querying an API endpoint for code owners.
API
Build custom integrations
AURI is fully API-first, giving you direct access to scan results, vulnerability data, and policies to run headless or build any workflow you can imagine.
Query the vulnerability database programmatically to enrich your own tooling with AURI's code security intelligence.
Trigger scans and retrieve results from CI/CD pipelines, custom dashboards, or internal platforms.
Build bespoke workflows that combine security data with your existing development infrastructure.
Flowchart showing integration paths from GitHub, GitLab, and PHP to Slack and Microsoft platforms, with a C# icon connected to Slack.

Works where you work

AURI integrates with the tools you use so that you can stay in the flow.
Flow diagram connecting software development tools and platforms including .NET, JetBrains, GitHub, Google, and Vercel.
"Implementing Endor Labs is easy. I had exactly what I needed between the docs, CLI tool, a GitHub Action, and a GitHub app—all readily available."
Alex Olea
DevSecOps Engineer, Starburst

What’s Free with

Feature
AURI for Developers
Paid Plans
Detect and fix vulnerabilities in code
Detect and fix exposed secrets
Detect and fix open source vulnerabilities
Detect and block malicious packages
Review PRs with AI Security Code Review
Reduce noise with full-stack reachability
Identify upgrades that won’t break your code
Use REST API to build integrations
Create and enforce policies
Dashboard and compliance reporting
"I truly love what Endor Labs does to the security landscape. My brain explodes every time I see a new feature being rolled out. For example, the recent C/C++ support got me wondering how they managed to solve this for a language without a standard package manager and manifest file support."
Mohanraj Ravichandran
Product Security Engineer, Netskope
What is the Developer Edition?

Developer Edition is a free tier that gives individual developers access to the AURI MCP Server and CLI. It includes SAST, SCA, secrets detection, and malicious open source package detection — the core scanning capabilities you need to write secure code from day one.

What does the MCP Server actually do?

The MCP Server connects AURI's security intelligence to your AI coding assistant. When you or your AI writes code, the server scans for vulnerabilities, insecure patterns, hardcoded secrets, and risky dependencies in real time — then helps fix them inline, right where you're working.

Which editors and tools are supported?

The MCP server works with Cursor, VS Code, Windsurf, Claude Code, and any MCP-compatible client. It also integrates with asynchronous AI tools like GitHub Copilot and OpenAI Codex for agent-driven workflows.

Is Developer Edition really free?

Yes. Developer Edition requires no credit card and no paid subscription. You authenticate once via GitHub, GitLab, or Google and you're up and running. There's no trial period — it's free to use, forever.

What kinds of scans does it run?

Developer Edition includes four core scan types: static application security testing (SAST) for code-level issues, software composition analysis (SCA) for dependency vulnerabilities, secrets detection for exposed credentials, and malicious package detection to catch supply chain attacks before they reach your environment.

Does my code leave my machine?

No. All scans run locally. The MCP Server accesses AURI's vulnerability database for intelligence (read-only), but your source code stays on your machine and is never uploaded to Endor Labs' platform.

How is this different from other free security MCP servers?

Most free MCP servers focus on code scanning alone. The AURI Developer Edition is the only free offering that combines code scanning (SAST and secrets) with full supply chain security — including CVE detection and malicious open source package identification in your dependencies.

Do I need to install anything besides the MCP Server?

No. The MCP Server fetches everything it needs on demand, including the Endor Labs CLI. There's no separate installation step, no pre-configuration, and no dependency management required to get started.

Can I use Developer Edition with my team?

Developer Edition is designed for individual developers. If your team needs shared policies, centralized reporting, or platform-level visibility, Endor Labs offers team and enterprise tiers that build on the same scanning engine with collaboration and governance features.

What's the difference between Developer Edition and the full Endor Labs platform?

Developer Edition gives you the core scanning tools — MCP Server and CLI — with default security policies and local-only results. The full platform adds a web UI, custom policies, centralized reporting, team management, and integrations with SIEM and vulnerability management tools for organization-wide security programs.

Speed AND security. The best teams code without compromise.