Endor Labs User Documentation
About Endor Labs
Endor Labs is a unified application security platform that helps you ship secure code by default, whether code is written by humans or agents.
We address your software security needs with the following key features:
- Unified platform: A single platform for SAST, secrets detection, SCA, malicious package detection, AI governance, and container scanning.
- Prioritization & noise reduction: Reachability analysis cuts through the noise by identifying which vulnerabilities actually affect your code.
- Fix, not just find: Go beyond detection with actionable remediation guidance, upgrade impact analysis, and automated patching.
- Embrace AI confidently: Discover AI models in your codebase, govern their usage, and leverage AI-powered assistance for security analysis and code fixes.
Endor Labs workflow
Endor Labs provides a prescriptive, outcome-focused workflow that guides you from initial setup to continuous security improvement.
Step 1: Scan
Automatically discover dependencies, vulnerabilities, secrets, and AI models across your entire codebase with a single integration.
Step 2: Triage
Cut through the noise with reachability analysis and risk scoring. Focus only on the vulnerabilities that actually impact your application.
Step 3: Remediate
Fix issues faster with AI-powered remediation, upgrade impact analysis, and automated patching, rather than just alerts.
Your journey with Endor Labs:
| Stage | Goal |
|---|---|
| Day 0: Onboard | Connect your repositories and run your first scan. Get immediate visibility into your security posture. |
| Day 1: Prioritize | Review reachable vulnerabilities and high-risk findings. Set up policies to automate triage. |
| Day 2+: Optimize | Integrate into CI/CD pipelines, enable developer workflows, and continuously improve your security baseline. |
What makes us different?
The Endor Labs platform blends advanced static analysis techniques, meticulous research, and thoughtful AI use to surface relevant, reliable threats and actionable remediations. Granular policies combined with a suite of integrations help you control risk across your SDLC.
AI-powered developer assistance
Endor Labs provides AI-powered developer assistance to identify and help you fix vulnerabilities in your code.
Reachability analysis
Endor Labs analyzes your first-party code, software packages, and containers to provide context on how each vulnerability may be exploited in your application.
Endor scores
Endor Labs collects and analyzes a large amount of metadata about AI models and open-source packages and uses it to compute risk scores.
Policies and Risk Management
Endor Labs policies give you control of risk in your environment. When combined with integrations into platforms like GitHub and GitLab, you can choose which risks are blocked, and which generate warnings.
Packaging
The Endor Labs application is available in the following offerings.
| Offering | Description |
|---|---|
| Endor Core | Endor Core includes SCA with reachability, AI model discovery, OSS package/model curation, SBOM and VEX generation, and top 10 OSS risk detection. |
| Endor Pro | Endor Pro includes all components of Endor Core with upgrade impact analysis, container scanning, binary scanning, artifact signing, CI/CD security, GitHub security posture management, and GitHub Actions security. |
| Endor Patches | Endor Patches allows you to patch OSS vulnerabilities without upgrading dependencies. Available as a standalone offering, or along with Endor Core or Endor Pro. |
| Endor Code | Endor Code includes SAST and secrets detection. Available as an add-on with Endor Core or Endor Pro. |
| Endor Code Pro | Endor Code Pro includes AI security review along with Endor Code features. Available as an add-on with Endor Core or Endor Pro. |
| Endor SBOM Hub | Endor SBOM Hub allows you to store, manage, and analyze first-party and third-party SBOMs with continuous risk monitoring. Available as an add-on with Endor Core or Endor Pro. |
For more details on Endor Labs’ offerings and the features they include, see Pricing and packaging.