Endor Labs AppSec Platform
Endor Labs
Reviews from AWS customer
0 AWS reviews
External reviews
9 reviews
External reviews are not included in the AWS star rating for the product.
Easy SCA Integration with Clear, Actionable Vulnerability Insights
What do you like best about the product?
What I like best about Endor Labs is how easy it is to integrate their SCA scans into our repositories and get clear visibility into open-source vulnerabilities. The tool provides actionable insights that help us address security risks early in the development cycle, making our workflow more secure and efficient.
What do you dislike about the product?
The tool is overall very helpful, but one area for improvement could be faster scan times on larger repositories. While the results are accurate and detailed, optimizing performance for bigger projects would make the experience even smoother.
What problems is the product solving and how is that benefiting you?
Endor Labs helps us identify and manage vulnerabilities in our open-source dependencies early in the development process. By providing clear visibility and actionable insights, it allows our team to address security risks before they make it into production, improving overall code security and compliance. This has helped us save time, reduce potential security incidents, and maintain confidence in the software we ship.
Great product, delivered on outcomes
What do you like best about the product?
Easy to use, reduced our FPs significantly, helped democratize the VM program into engineering directly. Support is quick and efficient. UI is intuitive. Deployment was easy and quick.
What do you dislike about the product?
Very little, I enjoy the product very much. Only callout would be to have the Slack threat intel alerts be customer specific rather than global.
What problems is the product solving and how is that benefiting you?
Reducing false positives and noise from third party vulns that don't affect us in practice. Reduced our security related engineering efforts without hurting the risk reduction outcomes.
Leader in the SCA technology
What do you like best about the product?
Reachability analysis feature, detailed and useful recommendations, higher accuracy, flexibility of integration and usage, user friendly UI.
What do you dislike about the product?
Endor Labs need to make more of the API capabilities available in the UI.
What problems is the product solving and how is that benefiting you?
Open source vulnerability and license risks in the software supply chain and generation and management of SBOM reports.
Took the SCA scans to a whole other level with their reachability analysis
What do you like best about the product?
We appreciate Endor Labs for several reasons that have significantly benefited my team and me. Their support team is always helpful, promptly assisting us whenever we encounter obstacles and even implementing feature requests that directly address our issues. This active and responsive customer support is crucial in our daily operations. The Reachability Analysis feature has been a lifesaver, enabling our engineers to allocate their efforts effectively and focus only on impactful upgrades, which prevents the unnecessary use of vulnerable functions from open-source libraries.
Endor Labs' solution gives our team confidence and speed in tackling supply chain security concerns, as it ensures that all libraries are thoroughly scanned for vulnerabilities. Their centralized dashboard is incredibly convenient for quickly checking the usage of dependencies in our code, drastically reducing the time spent on security checks. Their innovative approach to Software Composition Analysis (SCA) is impressive; they prioritize actionable alerts based on reachability, thereby lessening the overwhelming number of findings we might typically have to sift through.
Moreover, setting up Endor Labs was straightforward, which made the initial integration almost seamless. Overall, their extended support and impactful innovations in addressing SCA findings serve as a compelling reason for us to continue using and recommending Endor Labs.
What do you dislike about the product?
Nothing so far, they have been good at what they are doing to the security landscape.
What problems is the product solving and how is that benefiting you?
Endor Labs scans and vets open-source libraries for security, preventing supply chain attacks and offering a centralized dashboard to streamline dependency management. It saves engineers' time with Reachability Analysis, improving efficiency and prioritizing critical issues.
Jellyfish Enables Data-Driven AppSec with Endor Labs
What do you like best about the product?
Endor Labs is, in a good way, simplistic. The data we care about is quickly available to us. Our prior SCA tooling reachability analysis wasn't robust and we couldn't determine which vulnerabilities could truly threaten our business, so we couldn't manually research reachability or perform upgrades without knowing if they mattered. Our risk models were overly aggressive to compensate, which has now been dramatically improved by using Endor Labs.
What do you dislike about the product?
Endor Labs is a new entrant into the SCA space, and has only been around for a short period of time (2022). There is always a risk of engaging with a critical vendor that you depend on for Security and Compliance, when they are a relatively new business.
We are happy with all of their current features.
What problems is the product solving and how is that benefiting you?
Software Composition and reachability analysis. Our prior tooling had limitations in reachability, which Endor has solved for.
The best reachability analysis I've tested, with an intuitive yet powerful UI
What do you like best about the product?
The way SCA is performed on projects is the best I've seen from all products I've tested. Function-level reachability for many languages/technologies differentiates it from most, if not all, competitors. The UI easily shows me the findings on all projects, with detailed information on location, call-stack, impact, CVEs...
It also lets us, from the UI, fine-tune policies on when to warn/block/ignore builds on findings.
What do you dislike about the product?
The only downside I've come across is setting up Endor Labs for a project could be easier. It's not hard, but some errors or problems could have a more explicit message on how to solve (e.g. some project's dependencies failed to be analysed), but given the large amount of supported technologies, it's understandable.
What problems is the product solving and how is that benefiting you?
Lack of Software Composition Analysis - using Endor Labs' reachability analysis, we can prioritize the findings to be fixed.
Endor Labs is an industry leader in the SCA space
What do you like best about the product?
Endor Labs has revolutionized our approach to managing our OSS dependency & securitization of our software supply chain. SCA solution goes beyond traditional vulnerability scanning, offering deep reachability that has dramatically reduced not only our risk exposure but developer productivity while addressing such issues.
Really loved how they do the same with all the verticals. They are expanding to include container scanning where they link vulnerabilities found at the container level back to source code and OSS scan results.
In the few years we have used Endor we have found them to be rapid in reflecting our needs and continually syncing to deliver on our requests throughout the journey. Customer sympathy is truly a factor to highlight when we think of Endor Labs as a partner.
What do you dislike about the product?
It would be great if Endor Labs continue to expand their vertical all the way to runtime analysis of containers to truly make it an end to end software lifecycle vulnerability/security platform.
What problems is the product solving and how is that benefiting you?
Streamlining security and vulnerability management in software supply chain while optimizing not only the accuracy but time to value via deep reachability/tracing analysis.
Ultimately translates to substantial cost and quicker safe delivery of our service.
Likely the Market Leader
What do you like best about the product?
Endor Labs is a scrappy company that has left me with the impression that they will do what it takes to see their customers succeed. For software composition and reachability analysis, it was difficult to find a competing product in the current market that is as fully featured as their platform. They place a big emphasis on methodology (and have SMEs that write about this) and are also capable of performing reachability analysis on transitive dependencies, which was a big selling point for us.
Implementation and ease of integration were also a big selling point. All the basics are there - a CLI tool, an optional GitHub application, and a well-maintained GitHub Action with all the features of the CLI tool. Members of the team, outside of customer support, were ready and able to help whenever we ran into issues in one of our many Java / Maven repositories.
What do you dislike about the product?
UI/UX could use some fine tuning. For example, users authenticating via a custom IdP sometimes show up as having an "unknown provider" in the access control tab, despite it being clear that they are sourced from the IdP. It would also be nice to be able to set a default monitored branch from the console (this is currently only possible via a CLI flag).
What problems is the product solving and how is that benefiting you?
Endor Labs is our go-to platform for software composition and reachability analysis. They are able to perform reachability analysis on transitive dependencies - a big selling point.
Endor Labs unparalleled in function reachability
What do you like best about the product?
Endor Labs has a very sophisticated engine for function reachability. I would say it is unparalleled in the industry as of right now.
What do you dislike about the product?
The UI/UX experience needs some work. However, it has been getting better in the last two years. I have used this product. Also, it needs better Jira integration. Again, this is something they're actively working on.
What problems is the product solving and how is that benefiting you?
Endor Labs is helping us prioritize mission critical third-party library vulnerabilities. It is allowing us to target those vulnerabilities we can remediate quickly and then move into vulnerabilities that will take much longer to remediate.