Pricing
Select your products
.png)
.png)
What Customers Say
We recently removed Checkmarx in favor of Endor. I like them as they allow us to eliminate the need to fix vulns when they are on unused code paths (a hard to resolve problem with SBOM based scanners). When we used Snyk (prior to Cx), we were overwhelmed with all the unrelated findings. Endor scans are also much faster than Cx (and no strict parallelism limits that stall CI) which we appreciate. Their support teams have been great to us and got us very early warning of the latest NPM malware issues (~6h before Cx notified us)."
Endor Labs' exceptional timeliness and proactive communication during the recent spate of npm malware attacks allowed us to expedite our internal investigation and remediation. I've never experienced that level of support from a vendor before."
“When it comes to malware attacks, Endor Labs helps me sleep better at night because I know we can quickly figure out whether we’re impacted, and if not, move on with our day.”
If it wasn’t for reachability, this program would fail. A little extra effort up front to onboard is worth the deep application context we use every day."
FAQs
AURI for Developers is a free tier designed for individual developers who want security feedback directly in their AI code editors. All scanning happens locally, and you get read-only access to Endor Labs’ vulnerability data. There is no UI, policies, or scan history. It's a great way to get started with Endor Labs or evaluate the platform before rolling it out to your team—no commitment required.
Core and Pro editions are paid tiers designed for teams. They add deeper scanning, enterprise integrations, policy enforcement, and the reporting and workflow features that security and engineering teams need to manage risk at scale.
Endor Code focuses on risks in your first-party code—the code your team writes. It includes AI SAST to detect flaws and vulnerabilities in your codebase and pull requests, plus secret detection to catch exposed credentials and API keys before they reach production.
Endor Open Source secures the third-party dependencies and container images that make up your software supply chain. It uses reachability-based SCA to surface only the vulnerabilities that can actually be exploited in your application, cutting through the noise of traditional scanners. It also includes malicious package detection, AI model governance, and SBOM and VEX generation.
Many teams purchase both products for comprehensive coverage for the entire software artifact (code, dependencies, container images) their engineering teams produce pre-deployment.
Endor labs does not store your source code. We offer flexible deployment options depending on your compliance requirements. Most customers choose to deploy agentless scanning via cloud apps for GitHub, GitLab, BitBucket, or Azure DevOps. In that case, we will briefly clone your source code to a container in our cloud and immediately destroy it after scanning.
We can also scan directly in your CI-CD pipelines. In that case, code stays within your runner, and only results are sent to the Endor Labs dashboard. You can also deploy Endor Outpost to run monitoring scans on a schedule outside of your CI/CD pipelines.
Pricing is seat-based and varies slightly depending on the SKU. For Endor Code and Endor Open Source, seats are defined by contributing developers. A contributor is a developer in your organization who has made one or more commits to a source code repository monitored by Endor Labs within the last 90 days.
Pricing scales with your team size. Volume discounts apply as your contributor count grows, with meaningful reductions as you scale.
Yes, Endor Labs uses fair usage limits based on the number of seats you purchased. These are based on annual quotas, so you can scan as much or as little as you need each day, week, month, etc. The fair usage limits are generous and not hard enforced (i.e., you’ll never be blocked from scanning). Most organizations will not need to purchase additional usage. Organizations running semi-autonomous agents or other scan-intensive workflows can purchase additional scan credits if needed.
Yes. Endor Labs is available on the AWS Marketplace, Microsoft Azure Marketplace and Google Cloud Marketplace, making it easy to consolidate billing and apply existing cloud spend commitments toward your subscription.
If your organization has strict data residency or compliance requirements, Endor Outpost is also available as an on-premises deployment option that runs entirely on your own infrastructure. Contact us to learn more about Outpost eligibility.
Endor Labs offers several Technical Success tiers designed to match your team's needs and the complexity of your deployment. Reach out to your account team or contact us to discuss which option is the right fit.