
Pricing

Make security expensive for attackers, not for developers
Core
Reduce noise and friction during development for developers and agents with reachability, prioritization, and policies.
Pro
Built for scale with advanced features for detecting, triaging, and fixing vulnerabilities across every application layer.
Need the full platform?
Talk to us about bundling multiple products.
Contact sales

What Customers Say

“We both want to create a secure platform for people to use AI, but we also want to use AI ourselves to make that process easier.”

Wei Dai
Security Engineer, Dropbox

"Endor Labs greatly reduced our CVE backlog, which helps satisfy the near zero tolerance for vulnerabilities often seen in highly regulated markets."

Joshua Domagalski
CISO, Astronomer

"Our top executives are attesting to these SBOMs. We have a duty of care to ensure that we produce high integrity SBOMs. If we don’t know all of our direct and transitive dependencies, have missing components, or are unable to quickly validate things like the deployment build matching the declared source, the SBOM cannot be complete. This is where having Endor Labs is crucial - it helps us identify all dependencies, understand the impact of risk, and gives us the trust and assurance to back and commit to our leadership that we have a high integrity SBOM."

Vijay Kumar Puttaswamy
Director of Corporate Compliance and GRC Transformation, VMware

"Having Endor Labs is crucial. It helps us identify all dependencies, understand the impact of risk, and gives us the trust and assurance to commit to our leadership that we have a high integrity SBOM."

Vijay Kumar Puttaswamy
Director of Corporate Compliance and GRC Transformation, VMware

FAQs

What is the developer tier, and how does it differ from the paid products?

AURI for Developers is a free tier designed for individual developers who want security feedback directly in their AI code editors. All scanning happens locally, and you get read-only access to Endor Labs’ vulnerability data. There is no UI, no policies, and no scan history. It's a great way to get started with Endor Labs or evaluate the platform before rolling it out to your team, with no commitment required.

What's the difference between Core and Pro editions?

Core and Pro editions are paid tiers designed for teams. They add deeper scanning, enterprise integrations, policy enforcement, and the reporting and workflow features that security and engineering teams need to manage risk at scale. 

What's the difference between Endor Code and Endor Open Source?

Endor Code focuses on risks in your first-party code—the code your team writes. It includes AI SAST to detect flaws and vulnerabilities in your codebase and pull requests, plus secret detection to catch exposed credentials and API keys before they reach production.

Endor Open Source secures the third-party dependencies and container images that make up your software supply chain. It uses reachability-based SCA to surface only the vulnerabilities that can actually be exploited in your application, cutting through the noise of traditional scanners. It also includes malicious package detection, AI model governance, and SBOM and VEX generation.

Many teams purchase both products for comprehensive coverage for the entire software artifact (code, dependencies, container images) their engineering teams produce pre-deployment.

Does Endor Labs have access to my source code?

Endor Labs does not store your source code. We offer flexible deployment options depending on your compliance requirements. Most customers choose to deploy agentless scanning via cloud apps for GitHub, GitLab, Bitbucket, or Azure DevOps. In that case, we will briefly clone your source code to a container in our cloud and immediately destroy it after scanning.

We can also scan directly in your CI/CD pipelines. In that case, code stays within your runner, and only results are sent to the Endor Labs dashboard. You can also deploy Endor Outpost to run monitoring scans on a schedule outside of your CI/CD pipelines.

How does pricing work?

Pricing is seat-based and varies slightly depending on the SKU. For Endor Code and Endor Open Source, seats are defined by contributing developers. A contributor is a developer in your organization who has made one or more commits to a source code repository monitored by Endor Labs within the last 90 days.

Pricing scales with your team size. Volume discounts apply as your contributor count grows, with meaningful reductions as you scale.

Are there any limitations to how much or often I scan?

Yes, Endor Labs uses fair usage limits based on the number of seats you purchased. These are based on annual quotas, so you can scan as much or as little as you need each day, week, month, etc. The fair usage limits are generous and not hard enforced (i.e., you’ll never be blocked from scanning). Most organizations will not need to purchase additional usage. Organizations running semi-autonomous agents or other scan-intensive workflows can purchase additional scan credits if needed.

Can I purchase Endor Labs through a cloud marketplace?

Yes. Endor Labs is available on the AWS Marketplace, Microsoft Azure Marketplace and Google Cloud Marketplace, making it easy to consolidate billing and apply existing cloud spend commitments toward your subscription.

If your organization has strict data residency or compliance requirements, Endor Outpost is also available as an on-premises deployment option that runs entirely on your own infrastructure. Contact us to learn more about Outpost eligibility.

What support and services options are available?

Endor Labs offers several Technical Success tiers designed to match your team's needs and the complexity of your deployment. Reach out to your account team or contact us to discuss which option is the right fit.