Pricing
Select your products
.png)
.png)
What Customers Say
Endor Labs gave me the credibility to say, ‘this zero day is in 40 places and we need to fix it immediately’, and we did. Everything was remediated in under two weeks, which would have been impossible before we had Endor Labs.”
With dependency lifecycle management, Endor Labs is setting an entirely new standard by which organizations can prioritize and zero in on the most significant security and operational issues that have the tendency to slow down application development."
Time-to-value was almost instant. This was a big difference from most vendors where you spend a year deploying and upgrading processes just to make it work.”
Endor Labs is like noise canceling headphones for vulnerability management and AppSec. We're able to focus only on the signal and avoid the noise. Our engineering team stays focused on shipping great products, security focuses on mitigating risk, and the company is focused on being a profitable company.”
FAQs
AURI for Developers is a free tier designed for individual developers who want security feedback directly in their AI code editors. All scanning happens locally, and you get read-only access to Endor Labs’ vulnerability data. There is no UI, policies, or scan history. It's a great way to get started with Endor Labs or evaluate the platform before rolling it out to your team—no commitment required.
Core and Pro editions are paid tiers designed for teams. They add deeper scanning, enterprise integrations, policy enforcement, and the reporting and workflow features that security and engineering teams need to manage risk at scale.
Endor Code focuses on risks in your first-party code—the code your team writes. It includes AI SAST to detect flaws and vulnerabilities in your codebase and pull requests, plus secret detection to catch exposed credentials and API keys before they reach production.
Endor Open Source secures the third-party dependencies and container images that make up your software supply chain. It uses reachability-based SCA to surface only the vulnerabilities that can actually be exploited in your application, cutting through the noise of traditional scanners. It also includes malicious package detection, AI model governance, and SBOM and VEX generation.
Many teams purchase both products for comprehensive coverage for the entire software artifact (code, dependencies, container images) their engineering teams produce pre-deployment.
Endor labs does not store your source code. We offer flexible deployment options depending on your compliance requirements. Most customers choose to deploy agentless scanning via cloud apps for GitHub, GitLab, BitBucket, or Azure DevOps. In that case, we will briefly clone your source code to a container in our cloud and immediately destroy it after scanning.
We can also scan directly in your CI-CD pipelines. In that case, code stays within your runner, and only results are sent to the Endor Labs dashboard. You can also deploy Endor Outpost to run monitoring scans on a schedule outside of your CI/CD pipelines.
Pricing is seat-based and varies slightly depending on the SKU. For Endor Code and Endor Open Source, seats are defined by contributing developers. A contributor is a developer in your organization who has made one or more commits to a source code repository monitored by Endor Labs within the last 90 days.
Pricing scales with your team size. Volume discounts apply as your contributor count grows, with meaningful reductions as you scale.
Yes, Endor Labs uses fair usage limits based on the number of seats you purchased. These are based on annual quotas, so you can scan as much or as little as you need each day, week, month, etc. The fair usage limits are generous and not hard enforced (i.e., you’ll never be blocked from scanning). Most organizations will not need to purchase additional usage. Organizations running semi-autonomous agents or other scan-intensive workflows can purchase additional scan credits if needed.
Yes. Endor Labs is available on the AWS Marketplace, Microsoft Azure Marketplace and Google Cloud Marketplace, making it easy to consolidate billing and apply existing cloud spend commitments toward your subscription.
If your organization has strict data residency or compliance requirements, Endor Outpost is also available as an on-premises deployment option that runs entirely on your own infrastructure. Contact us to learn more about Outpost eligibility.
Endor Labs offers several Technical Success tiers designed to match your team's needs and the complexity of your deployment. Reach out to your account team or contact us to discuss which option is the right fit.