Endor Labs AppSec Platform

What do you like best about the product?

What I like best about Endor Labs is how easy it is to integrate their SCA scans into our repositories and get clear visibility into open-source vulnerabilities. The tool provides actionable insights that help us address security risks early in the development cycle, making our workflow more secure and efficient.

What do you dislike about the product?

The tool is overall very helpful, but one area for improvement could be faster scan times on larger repositories. While the results are accurate and detailed, optimizing performance for bigger projects would make the experience even smoother.

What problems is the product solving and how is that benefiting you?

Endor Labs helps us identify and manage vulnerabilities in our open-source dependencies early in the development process. By providing clear visibility and actionable insights, it allows our team to address security risks before they make it into production, improving overall code security and compliance. This has helped us save time, reduce potential security incidents, and maintain confidence in the software we ship.

What do you like best about the product?

Easy to use, reduced our FPs significantly, helped democratize the VM program into engineering directly. Support is quick and efficient. UI is intuitive. Deployment was easy and quick.

What do you dislike about the product?

Very little, I enjoy the product very much. Only callout would be to have the Slack threat intel alerts be customer specific rather than global.

What problems is the product solving and how is that benefiting you?

Reducing false positives and noise from third party vulns that don't affect us in practice. Reduced our security related engineering efforts without hurting the risk reduction outcomes.

What do you like best about the product?

Reachability analysis feature, detailed and useful recommendations, higher accuracy, flexibility of integration and usage, user friendly UI.

What do you dislike about the product?

Endor Labs need to make more of the API capabilities available in the UI.

What problems is the product solving and how is that benefiting you?

Open source vulnerability and license risks in the software supply chain and generation and management of SBOM reports.

What do you like best about the product?

We appreciate Endor Labs for several reasons that have significantly benefited my team and me. Their support team is always helpful, promptly assisting us whenever we encounter obstacles and even implementing feature requests that directly address our issues. This active and responsive customer support is crucial in our daily operations. The Reachability Analysis feature has been a lifesaver, enabling our engineers to allocate their efforts effectively and focus only on impactful upgrades, which prevents the unnecessary use of vulnerable functions from open-source libraries.

Endor Labs' solution gives our team confidence and speed in tackling supply chain security concerns, as it ensures that all libraries are thoroughly scanned for vulnerabilities. Their centralized dashboard is incredibly convenient for quickly checking the usage of dependencies in our code, drastically reducing the time spent on security checks. Their innovative approach to Software Composition Analysis (SCA) is impressive; they prioritize actionable alerts based on reachability, thereby lessening the overwhelming number of findings we might typically have to sift through.


Moreover, setting up Endor Labs was straightforward, which made the initial integration almost seamless. Overall, their extended support and impactful innovations in addressing SCA findings serve as a compelling reason for us to continue using and recommending Endor Labs.

What do you dislike about the product?

Nothing so far, they have been good at what they are doing to security landscape.

What problems is the product solving and how is that benefiting you?

Endor Labs scans and vets open-source libraries for security, preventing supply chain attacks and offering a centralized dashboard to streamline dependency management. It saves engineers' time with Reachability Analysis, improving efficiency and prioritizing critical issues.

What do you like best about the product?

Endor Labs is, in a good way, simplistic. The data we care about is quickly available to us. Our prior SCA tooling reachability analysis wasn't robust and we couldn't determine which vulnerabilities could truly threaten our business, so we couldn't manually research reachability or perform upgrades without knowing if they mattered. Our risk models were overly aggressive to compensate, which has now been dramatically improved by using Endor Labs.

What do you dislike about the product?

Endor Labs is a new entrant into the SCA space, and has only been around for a short period of time (2022). There is always a risk of engaging with a critical vendor that you depend on for Security and Compliance, when they are a relatively new business.

We are happy with all of their current features.

What problems is the product solving and how is that benefiting you?

Software Composition and reachability analysis. Our prior tooling had limitations in reachability, which Endor has solved for.