Pricing
Select your products
.png)
.png)
What Customers Say
We’re looking for better ways to scale how we identify business logic risks and unknown unknowns in our codebase. Traditional static analysis tools haven’t really given us the lift we need. Being able to detect risks that we’d otherwise miss manually or through traditional automation would be hugely valuable.”
We’re excited to partner with Endor Labs as we continue to strengthen our security posture in this AI era. Their focus on actionable insights and seamless integration aligns with our commitment to building secure, reliable products for our customers."
Endor Labs' native Bazel integration is the best on the market. It’s eliminated the previous complexity, delivering the confidence required to shift left and reliably identify/remove unused dependencies."
I truly love what EndorLabs does to the security landscape. My brain explodes every time I see a new feature being rolled out. For example, the recent C/C++ support got me wondering how they managed to solve this for a language without a standard package manager and manifest file support."
FAQs
AURI for Developers is a free tier designed for individual developers who want security feedback directly in their AI code editors. All scanning happens locally, and you get read-only access to Endor Labs’ vulnerability data. There is no UI, policies, or scan history. It's a great way to get started with Endor Labs or evaluate the platform before rolling it out to your team—no commitment required.
Core and Pro editions are paid tiers designed for teams. They add deeper scanning, enterprise integrations, policy enforcement, and the reporting and workflow features that security and engineering teams need to manage risk at scale.
Endor Code focuses on risks in your first-party code—the code your team writes. It includes AI SAST to detect flaws and vulnerabilities in your codebase and pull requests, plus secret detection to catch exposed credentials and API keys before they reach production.
Endor Open Source secures the third-party dependencies and container images that make up your software supply chain. It uses reachability-based SCA to surface only the vulnerabilities that can actually be exploited in your application, cutting through the noise of traditional scanners. It also includes malicious package detection, AI model governance, and SBOM and VEX generation.
Many teams purchase both products for comprehensive coverage for the entire software artifact (code, dependencies, container images) their engineering teams produce pre-deployment.
Endor labs does not store your source code. We offer flexible deployment options depending on your compliance requirements. Most customers choose to deploy agentless scanning via cloud apps for GitHub, GitLab, BitBucket, or Azure DevOps. In that case, we will briefly clone your source code to a container in our cloud and immediately destroy it after scanning.
We can also scan directly in your CI-CD pipelines. In that case, code stays within your runner, and only results are sent to the Endor Labs dashboard. You can also deploy Endor Outpost to run monitoring scans on a schedule outside of your CI/CD pipelines.
Pricing is seat-based and varies slightly depending on the SKU. For Endor Code and Endor Open Source, seats are defined by contributing developers. A contributor is a developer in your organization who has made one or more commits to a source code repository monitored by Endor Labs within the last 90 days.
Pricing scales with your team size. Volume discounts apply as your contributor count grows, with meaningful reductions as you scale.
Yes, Endor Labs uses fair usage limits based on the number of seats you purchased. These are based on annual quotas, so you can scan as much or as little as you need each day, week, month, etc. The fair usage limits are generous and not hard enforced (i.e., you’ll never be blocked from scanning). Most organizations will not need to purchase additional usage. Organizations running semi-autonomous agents or other scan-intensive workflows can purchase additional scan credits if needed.
Yes. Endor Labs is available on the AWS Marketplace, Microsoft Azure Marketplace and Google Cloud Marketplace, making it easy to consolidate billing and apply existing cloud spend commitments toward your subscription.
If your organization has strict data residency or compliance requirements, Endor Outpost is also available as an on-premises deployment option that runs entirely on your own infrastructure. Contact us to learn more about Outpost eligibility.
Endor Labs offers several Technical Success tiers designed to match your team's needs and the complexity of your deployment. Reach out to your account team or contact us to discuss which option is the right fit.