Endor Labs Reviews & Product Details

What I like best about Endor Labs is how easy it is to integrate their SCA scans into our repositories and get clear visibility into open-source vulnerabilities. The tool provides actionable insights that help us address security risks early in the development cycle, making our workflow more secure and efficient. Review collected by and hosted on G2.com.

The tool is overall very helpful, but one area for improvement could be faster scan times on larger repositories. While the results are accurate and detailed, optimizing performance for bigger projects would make the experience even smoother. Review collected by and hosted on G2.com.

We appreciate Endor Labs for several reasons that have significantly benefited my team and me. Their support team is always helpful, promptly assisting us whenever we encounter obstacles and even implementing feature requests that directly address our issues. This active and responsive customer support is crucial in our daily operations. The Reachability Analysis feature has been a lifesaver, enabling our engineers to allocate their efforts effectively and focus only on impactful upgrades, which prevents the unnecessary use of vulnerable functions from open-source libraries.

Endor Labs' solution gives our team confidence and speed in tackling supply chain security concerns, as it ensures that all libraries are thoroughly scanned for vulnerabilities. Their centralized dashboard is incredibly convenient for quickly checking the usage of dependencies in our code, drastically reducing the time spent on security checks. Their innovative approach to Software Composition Analysis (SCA) is impressive; they prioritize actionable alerts based on reachability, thereby lessening the overwhelming number of findings we might typically have to sift through.

Moreover, setting up Endor Labs was straightforward, which made the initial integration almost seamless. Overall, their extended support and impactful innovations in addressing SCA findings serve as a compelling reason for us to continue using and recommending Endor Labs. Review collected by and hosted on G2.com.

Nothing so far, they have been good at what they are doing to security landscape. Review collected by and hosted on G2.com.

Easy to use, reduced our FPs significantly, helped democratize the VM program into engineering directly. Support is quick and efficient. UI is intuitive. Deployment was easy and quick. Review collected by and hosted on G2.com.

Very little, I enjoy the product very much. Only callout would be to have the Slack threat intel alerts be customer specific rather than global. Review collected by and hosted on G2.com.

Reachability analysis feature, detailed and useful recommendations, higher accuracy, flexibility of integration and usage, user friendly UI. Review collected by and hosted on G2.com.

Endor Labs need to make more of the API capabilities available in the UI. Review collected by and hosted on G2.com.

Endor Labs is, in a good way, simplistic. The data we care about is quickly available to us. Our prior SCA tooling reachability analysis wasn't robust and we couldn't determine which vulnerabilities could truly threaten our business, so we couldn't manually research reachability or perform upgrades without knowing if they mattered. Our risk models were overly aggressive to compensate, which has now been dramatically improved by using Endor Labs. Review collected by and hosted on G2.com.

Endor Labs is a new entrant into the SCA space, and has only been around for a short period of time (2022). There is always a risk of engaging with a critical vendor that you depend on for Security and Compliance, when they are a relatively new business.

We are happy with all of their current features. Review collected by and hosted on G2.com.

Endor Labs is scrappy company that has left me with the impression that they will do what it takes to see their customers succeed. For software composition and reachabiity analysis, it was difficult to find a competing product in the current market that is as fully featured as their platform. They place a big emphasis on methodology (and have SMEs that write about this) and are also capable of performing reachability analysis on transitive dependencies, which was a big selling point for us.

Implementation and ease of integration were also a big selling point. All the basics are there - a CLI tool, an optional Github application, and a well-maintained github action with all the features of the CLI tool. Members of the team, outside of customer support, were ready and able to help whenever we ran into issues in one of our many Java / Maven repositories. Review collected by and hosted on G2.com.

UI/UX could use some fine tuning. For example, users authenticating via a custom IdP sometimes show up as have an "unknown provider" in the access control tab, despite it being clear that they are sourced from the IdP. It would also be nice to be able to set a default monitored branch from the console (this is currently only possible via a CLI flag). Review collected by and hosted on G2.com.

Endor Labs has revolutionized our approach to managing our OSS dependency & securitization of our software supply chain. SCA solution goes beyond traditional vulnerability scanning, offering deep reachbility that has dramatically reduced not only our risk exposure but developer productivity while addressing such issues.

Really loved how they do the same with all the verticals. They are expanding to including container scanning where they link vulnerability found in container level back to source code and OSS scan results.

In a few years we have used Endor we have found them to be rapid in reflecting our needs and continually syncing to deliver on our requests throughout the Journey. Customer sympathy is truly a factor to highlight when we think of Endor Labs as a partner. Review collected by and hosted on G2.com.

It would be great if Endor Labs continue to expand their vertical all the way to runtime analysis of containers to truly make it an end to end software lifecycle vulnerability/security platform. Review collected by and hosted on G2.com.

The way SCA is performed on projects is the best I've seen from all products I've tested. Function-level reachability for many languages/technologies differentiates it from most, if not all, competitors. The UI easily shows me the findings on all projects, with detailed information on location, call-stack, impact, CVEs...

It also lets us, from the UI, fine-tune policies on when to warn/block/ignore builds on findings. Review collected by and hosted on G2.com.

The only downside I've come across is setting up Endor Labs for a project could be easier. It's not hard, but some errors or problems could have a more explicit message on how to solve (e.g. some project's dependencies failed to be analysed), but given the large amount of supported technologies, it's understandable. Review collected by and hosted on G2.com.

Endor Labs has a very sophisticated engine for function reachability. I would say it is unparallel in the industry as of right now. Review collected by and hosted on G2.com.

The UI/UX experience needs some work. However, it has been getting better in the last two years. I have used this product. Also, it needs better Jira integration. Again, this is something they're actively working on. Review collected by and hosted on G2.com.