# Endor Labs Reviews
**Vendor:** Endor Labs  
**Category:** [Software Supply Chain Security Solutions](https://www.g2.com/categories/software-supply-chain-security-tools)  
**Average Rating:** 4.8/5.0  
**Total Reviews:** 9
## About Endor Labs
Endor Labs helps you build and ship secure software fast, whether it's written by humans or AI. While conventional code scanning tools drown teams in false positives, Endor Labs zeroes in on real risks, empowering developers without slowing them down. Trusted by OpenAI, Snowflake, Peloton, Robinhood, Dropbox, Rubrik, and more, Endor Labs is transforming AppSec.

- 92% less alerts: Unify code scanning (SAST, SCA, container, secrets, malware, AI models) and automate security code reviews with AI. Pinpoint real vulnerabilities with function-level reachability, filtering out unreachable risks and letting developers fix what matters as they code.
- 6X faster fixes: Skip the guesswork. Endor Labs guides developers towards safe OSS upgrades, and backports fixes for hard-to-update libraries.
- Guardrails for AI coding assistants: Endor Labs natively integrates into AI coding assistants to help them produce code securely by default. Additionally, Endor Labs has built multiple agents to review the AI and human generated code for architecture and business-logic issues.
- Compliance, streamlined: FedRAMP, PCI, NIST, and SLSA compliance is simplified with artifact signing, SBOM, VEX, and more—accelerating your path to secure, compliant code.

Learn more at: www.endorlabs.com/demo-request



## Endor Labs Pros & Cons
**What users like:**

- Users appreciate the **advanced reachability analysis** and user-friendly UI that enhance efficiency and integration capabilities. (5 reviews)
- Users appreciate the **user-friendly UI** of Endor Labs, enabling quick access to crucial data and insights. (4 reviews)
- Users value the **accuracy of findings** from Endor Labs, enabling effective risk management and informed decision-making. (3 reviews)
- Users commend Endor Labs for their **responsive and helpful customer support**, ensuring swift assistance and effective solutions. (3 reviews)
- Users value the **exceptional integration support** from Endor Labs, making setup and implementation seamless for their teams. (3 reviews)
- Security (3 reviews)
- User Interface (3 reviews)
- Users value the **robust vulnerability detection** by Endor Labs, enhancing security and developer productivity significantly. (3 reviews)
- Easy Integrations (2 reviews)
- Implementation Ease (2 reviews)

**What users dislike:**

- Users indicate that **UI/UX needs improvement**, particularly in API visibility and integration with custom IdPs. (3 reviews)
- Users feel that the **API limitations** hinder their experience and desire more integration in the UI. (1 review)
- Users find the **difficult setup** of Endor Labs can complicate project initiation despite its extensive technology support. (1 review)
- Users find **integration issues** with Jira hinder their experience, but improvements are being made over time. (1 review)
- Users note the **missing features** like improved UI/UX and default branch settings, affecting overall usability. (1 review)
- Poor Interface Design (1 review)
- Poor UI Design (1 review)
- Users find **scanning issues** in Endor Labs could be more user-friendly, with clearer error messages for problem resolution. (1 review)

## Endor Labs Reviews
  ### 1. Easy SCA Integration with Clear, Actionable Vulnerability Insights

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Security and Investigations | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 18, 2026

**What do you like best about Endor Labs?**

What I like best about Endor Labs is how easy it is to integrate their SCA scans into our repositories and get clear visibility into open-source vulnerabilities. The tool provides actionable insights that help us address security risks early in the development cycle, making our workflow more secure and efficient.

**What do you dislike about Endor Labs?**

The tool is overall very helpful, but one area for improvement could be faster scan times on larger repositories. While the results are accurate and detailed, optimizing performance for bigger projects would make the experience even smoother.

**What problems is Endor Labs solving and how is that benefiting you?**

Endor Labs helps us identify and manage vulnerabilities in our open-source dependencies early in the development process. By providing clear visibility and actionable insights, it allows our team to address security risks before they make it into production, improving overall code security and compliance. This has helped us save time, reduce potential security incidents, and maintain confidence in the software we ship.

  ### 2. Took the SCA scans to a whole other level with their reachability analysis

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** October 23, 2025

**What do you like best about Endor Labs?**

We appreciate Endor Labs for several reasons that have significantly benefited my team and me. Their support team is always helpful, promptly assisting us whenever we encounter obstacles and even implementing feature requests that directly address our issues. This active and responsive customer support is crucial in our daily operations. The Reachability Analysis feature has been a lifesaver, enabling our engineers to allocate their efforts effectively and focus only on impactful upgrades, which prevents the unnecessary use of vulnerable functions from open-source libraries. 

Endor Labs' solution gives our team confidence and speed in tackling supply chain security concerns, as it ensures that all libraries are thoroughly scanned for vulnerabilities. Their centralized dashboard is incredibly convenient for quickly checking the usage of dependencies in our code, drastically reducing the time spent on security checks. Their innovative approach to Software Composition Analysis (SCA) is impressive; they prioritize actionable alerts based on reachability, thereby lessening the overwhelming number of findings we might typically have to sift through.


Moreover, setting up Endor Labs was straightforward, which made the initial integration almost seamless. Overall, their extended support and impactful innovations in addressing SCA findings serve as a compelling reason for us to continue using and recommending Endor Labs.

**What do you dislike about Endor Labs?**

Nothing so far, they have been good at what they are doing to the security landscape.

**What problems is Endor Labs solving and how is that benefiting you?**

Endor Labs scans and vets open-source libraries for security, preventing supply chain attacks and offering a centralized dashboard to streamline dependency management. It saves engineers' time with Reachability Analysis, improving efficiency and prioritizing critical issues.

**Official Response from Jenn Gile:**

> Thanks for the positive feedback!
>
> I'm not surprised at all to hear such kind words about our support team, they indeed are fantastic. It's great to hear about your experience with reachability (customers average 92% noise reduction) and other features helping you reduce the amount of time spent on security checks.

  ### 3. Great product, delivered on outcomes

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 12, 2026

**What do you like best about Endor Labs?**

Easy to use, reduced our FPs significantly, helped democratize the VM program into engineering directly. Support is quick and efficient. UI is intuitive. Deployment was easy and quick.

**What do you dislike about Endor Labs?**

Very little, I enjoy the product very much. Only callout would be to have the Slack threat intel alerts be customer specific rather than global.

**What problems is Endor Labs solving and how is that benefiting you?**

Reducing false positives and noise from third party vulns that don't affect us in practice. Reduced our security related engineering efforts without hurting the risk reduction outcomes.

  ### 4. Leader in the SCA technology

**Rating:** 5.0/5.0 stars

**Reviewed by:** Muhammad S. | Principal Software Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** December 08, 2025

**What do you like best about Endor Labs?**

Reachability analysis feature, detailed and useful recommendations, higher accuracy, flexibility of integration and usage, user friendly UI.

**What do you dislike about Endor Labs?**

Endor Labs needs to make more of the API capabilities available in the UI.

**What problems is Endor Labs solving and how is that benefiting you?**

Open source vulnerability and license risks in the software supply chain and generation and management of SBOM reports.

**Official Response from Jenn Gile:**

> Hi Muhammad, thank you for your review! We're so glad you're getting value from the platform and totally agree - great features (like reachability analysis) are only great when they're part of a great experience. And of course, we continue to work on the user experience through both the UI and API. 

  ### 5. Jellyfish Enables Data-Driven AppSec with Endor Labs

**Rating:** 5.0/5.0 stars

**Reviewed by:** James K. | Head of Security and Privacy, Mid-Market (51-1000 emp.)

**Reviewed Date:** August 15, 2024

**What do you like best about Endor Labs?**

Endor Labs is, in a good way, simplistic. The data we care about is quickly available to us.  Our prior SCA tooling reachability analysis wasn't robust and we couldn't determine which vulnerabilities could truly threaten our business, so we couldn't manually research reachability or perform upgrades without knowing if they mattered. Our risk models were overly aggressive to compensate, which has now been dramatically improved by using Endor Labs.

**What do you dislike about Endor Labs?**

Endor Labs is a new entrant into the SCA space, and has only been around for a short period of time (2022).  There is always a risk of engaging with a critical vendor that you depend on for Security and Compliance, when they are a relatively new business. 

We are happy with all of their current features.

**What problems is Endor Labs solving and how is that benefiting you?**

Software Composition and reachability analysis. Our prior tooling had limitations in reachability, which Endor has solved for.

  ### 6. Likely the Market Leader

**Rating:** 5.0/5.0 stars

**Reviewed by:** Alex O. | DevSecOps Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 16, 2024

**What do you like best about Endor Labs?**

Endor Labs is a scrappy company that has left me with the impression that they will do what it takes to see their customers succeed. For software composition and reachability analysis, it was difficult to find a competing product in the current market that is as fully featured as their platform. They place a big emphasis on methodology (and have SMEs that write about this) and are also capable of performing reachability analysis on transitive dependencies, which was a big selling point for us.

Implementation and ease of integration were also a big selling point. All the basics are there - a CLI tool, an optional GitHub application, and a well-maintained GitHub Action with all the features of the CLI tool. Members of the team, outside of customer support, were ready and able to help whenever we ran into issues in one of our many Java / Maven repositories.

**What do you dislike about Endor Labs?**

UI/UX could use some fine tuning. For example, users authenticating via a custom IdP sometimes show up as having an "unknown provider" in the access control tab, despite it being clear that they are sourced from the IdP. It would also be nice to be able to set a default monitored branch from the console (this is currently only possible via a CLI flag).

**What problems is Endor Labs solving and how is that benefiting you?**

Endor Labs is our go-to platform for software composition and reachability analysis. They are able to perform reachability analysis on transitive dependencies - a big selling point.

  ### 7. Endor Labs is an industry leader in the SCA space

**Rating:** 5.0/5.0 stars

**Reviewed by:** Young Jin K. | DevSecOps Lead, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 30, 2024

**What do you like best about Endor Labs?**

Endor Labs has revolutionized our approach to managing our OSS dependency & securitization of our software supply chain. SCA solution goes beyond traditional vulnerability scanning, offering deep reachability that has dramatically reduced not only our risk exposure but developer productivity while addressing such issues.

Really loved how they do the same with all the verticals. They are expanding to include container scanning where they link vulnerability found in container level back to source code and OSS scan results.

In the few years we have used Endor we have found them to be rapid in reflecting our needs and continually syncing to deliver on our requests throughout the journey. Customer sympathy is truly a factor to highlight when we think of Endor Labs as a partner.

**What do you dislike about Endor Labs?**

It would be great if Endor Labs continue to expand their vertical all the way to runtime analysis of containers to truly make it an end to end software lifecycle vulnerability/security platform.

**What problems is Endor Labs solving and how is that benefiting you?**

Streamlining security and vulnerability management in software supply chain while optimizing not only the accuracy but time to value via deep reachability/tracing analysis.
Ultimately translates to substantial cost and quicker safe delivery of our service.

  ### 8. The best reachability analysis I've tested, with an intuitive yet powerful UI

**Rating:** 5.0/5.0 stars

**Reviewed by:** João P. | Application Security Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** August 02, 2024

**What do you like best about Endor Labs?**

The way SCA is performed on projects is the best I've seen from all products I've tested. Function-level reachability for many languages/technologies differentiates it from most, if not all, competitors. The UI easily shows me the findings on all projects, with detailed information on location, call-stack, impact, CVEs...
It also lets us, from the UI, fine-tune policies on when to warn/block/ignore builds on findings.

**What do you dislike about Endor Labs?**

The only downside I've come across is setting up Endor Labs for a project could be easier. It's not hard, but some errors or problems could have a more explicit message on how to solve (e.g. some project's dependencies failed to be analysed), but given the large amount of supported technologies, it's understandable.

**What problems is Endor Labs solving and how is that benefiting you?**

Lack of Software Composition Analysis - using Endor Labs' reachability analysis, we can prioritize the findings to be fixed.

  ### 9. Endor Labs unparalleled in function reachability

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.)

**Reviewed Date:** June 20, 2024

**What do you like best about Endor Labs?**

Endor Labs has a very sophisticated engine for function reachability. I would say it is unparalleled in the industry as of right now.

**What do you dislike about Endor Labs?**

The UI/UX experience needs some work. However, it has been getting better in the last two years. I have used this product. Also, it needs better Jira integration. Again, this is something they're actively working on.

**What problems is Endor Labs solving and how is that benefiting you?**

Endor Labs is helping us prioritize mission critical third-party library vulnerabilities. It is allowing us to target those vulnerabilities we can remediate quickly and then move into vulnerabilities that will take much longer to remediate.



## Endor Labs Integrations
  - [ArmorCode Agentic AI Platform](https://www.g2.com/products/armorcode-agentic-ai-platform/reviews)
  - [Azure Pipelines](https://www.g2.com/products/azure-pipelines/reviews)
  - [Bitbucket](https://www.g2.com/products/bitbucket/reviews)
  - [Brinqa](https://www.g2.com/products/brinqa/reviews)
  - [Cloudsmith](https://www.g2.com/products/cloudsmith/reviews)
  - [Cursor](https://www.g2.com/products/cursor/reviews)
  - [GitHub](https://www.g2.com/products/github/reviews)
  - [GitHub Chat All](https://www.g2.com/products/github-chat-all/reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews)
  - [Google](https://www.g2.com/products/google-google/reviews)
  - [Jira](https://www.g2.com/products/jira/reviews)
  - [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews)
  - [Nucleus](https://www.g2.com/products/nucleus/reviews)
  - [Slack](https://www.g2.com/products/slack/reviews)
  - [StackHawk](https://www.g2.com/products/stackhawk/reviews)
  - [Upwind](https://www.g2.com/products/upwind/reviews)
  - [Vanta](https://www.g2.com/products/vanta/reviews)

## Endor Labs Features
**Administration**
- API / Integrations
- Extensibility

**Administration**
- Risk Scoring
- Security Auditing
- Configuration Management

**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Risk Analysis**
- Risk Scoring
- Reporting
- Risk-Prioritization

**Documentation**
- Feedback
- Prioritization
- Remediation Suggestions

**Functionality**
- Central dashboard

**Security**
- Tampering
- Malicious Code
- Verification
- Security Risks

**Compliance**
- Access Management
- Sensitive Data Compliance

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Monitoring**
- Continuous Image Assurance
- Observability

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Vulnerability Assessment**
- Vulnerability Scanning
- Vulnerability Intelligence
- Contextual Data
- Dashboards

**Security**
- False Positives
- Custom Compliance
- Agility

**Tracking**
- Bill of Materials
- Audit Trails
- Monitoring

**Administration**
- Database Management
- Deduplication 
- Backup
- API / integrations

**Testing**
- Command-Line Tools
- Test Automation
- Compliance Testing
- Detection Rate
- False Positives

**Protection**
- Dynamic Image Scanning

**Automation**
- Automated Remediation
- Workflow Automation
- Test Automation

**Security**
- Multi-Factor Authentication
- Data Transport

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top Endor Labs Alternatives
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (874 reviews)
  - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (773 reviews)
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,279 reviews)

