aicoolies logo
Endor Labs logo

Endor Labs

Dependency lifecycle management and risk reduction

Share
paid
Visit Website →

Endor Labs is a dependency management platform that goes beyond vulnerability scanning to assess the overall risk of open-source dependencies. Evaluates maintainer activity, code quality, popularity trends, licensing, and operational risk alongside CVEs. Features reachability analysis to determine if vulnerabilities are actually exploitable in your codebase. Provides dependency selection guidance for choosing safer alternatives. Reduces alert fatigue by prioritizing truly risky dependencies.

Endor Labs takes a holistic approach to dependency risk — evaluating not just CVEs but maintainer health, code quality, popularity trends, licensing, and operational risk of every open-source package.

Reachability analysis determines whether vulnerabilities in dependencies are actually reachable from your code paths, eliminating noise from unexploitable issues that traditional scanners flag.

Dependency selection guidance helps teams choose safer package alternatives before adoption. Continuous monitoring alerts when dependency risk profiles change — abandoned projects, maintainer account compromises, or declining quality.

Integrates with GitHub, CI/CD pipelines, and SBOM generation. Reduces the alert fatigue that plagues traditional SCA tools by focusing on actionable risks.

Pricing

Custom pricing (contact sales)

Platforms

Web, GitHub, CI/CD, API

Categories

Tags

Use Cases

Alternatives

Steel logo

Steel

Open-source browser infrastructure for AI agents at scale

Steel is an open-source browser API purpose-built for AI agents, providing managed headless browser sessions with anti-bot bypass, proxy rotation, CAPTCHA solving, and session persistence. It handles the infrastructure layer that browser automation agents like Browser Use and Stagehand run on top of. Self-hostable or available as a cloud service. Over 6,000 GitHub stars.

open-sourceOpen Source
Trigger.dev logo

Trigger.dev

Open-source background jobs and AI workflows for TypeScript

Trigger.dev is an open-source platform for building and deploying background jobs, AI agents, and long-running workflows in TypeScript. It eliminates serverless timeouts with durable task execution, automatic retries, queue-based concurrency control, and elastic scaling. Used by 30,000+ developers at companies like MagicSchool and Icon.com, it processes hundreds of millions of agent runs monthly. Backed by a $16M Series A led by Dalton Caldwell's Standard Capital fund.

freemiumOpen Source

Dokploy

Open-source PaaS alternative to Vercel, Heroku, and Netlify

Dokploy is a free open-source platform-as-a-service for self-hosting applications without cloud vendor lock-in. It provides automated deployments from Git repositories, built-in SSL certificates, database provisioning, Docker and Docker Compose support, and a clean web dashboard for managing multiple applications on your own servers. With 18,000+ GitHub stars, it fills the gap for teams wanting Vercel-like deployment simplicity on their own infrastructure.

open-sourceOpen Source

Related Tools

KubeAI

Kubernetes operator for serving AI inference workloads

KubeAI is an Apache-2.0 Kubernetes operator for deploying and scaling AI inference workloads, including LLMs, embeddings, reranking, and speech-to-text. It gives platform teams OpenAI-compatible endpoints, model proxy/controller primitives, model caching, scale-from-zero behavior, and cluster-native resource management for self-hosted inference on Kubernetes.

open-sourceOpen Source
Agent Governance Toolkit logo

Agent Governance Toolkit

Microsoft’s public-preview runtime governance toolkit for policy, identity, sandboxing, audit, and MCP security around AI agents.

Agent Governance Toolkit is Microsoft’s MIT-licensed public-preview toolkit for governing AI agent runtimes. It adds policy enforcement, zero-trust identity, execution sandboxing, audit, reliability, and MCP security-gateway patterns around tool calls and autonomous actions, helping platform teams move beyond prompt-only guardrails while preserving architecture review requirements.

open-sourceOpen SourceTelemetry
Baz logo

Baz

Telemetry-aware AI code reviewer that checks how pull requests may affect real services.

Baz is an AI code-review platform focused on production-aware pull requests. Instead of only reading the diff, Baz connects code changes to application telemetry so reviewers can understand what endpoints, services, and runtime behavior may be affected. That makes it a useful complement to existing AI PR bots when the question is not just whether a change looks correct, but whether it could break a live system.

freemiumTelemetry
rampart

Rampart

Microsoft’s pytest-native red teaming framework for turning AI agent safety findings into CI tests.

RAMPART is an open-source Microsoft framework for safety and security testing of agentic AI applications. It brings red-team findings into a pytest-native workflow so teams can turn prompt injection, unsafe tool use, and behavioral boundary failures into repeatable regression tests. The strongest aicoolies angle is developer workflow: RAMPART makes agent safety part of CI/CD instead of a one-off security review.

open-sourceOpen Source
Statewright logo

Statewright

State-machine guardrails for controlling which tools AI coding agents can use at each phase.

Statewright is a guardrail layer for AI coding agents that uses explicit state machines to control what an agent can do at each stage of a workflow. Instead of relying only on prompt instructions, teams can model phases such as plan, implement, test, and review, then constrain tool access for clients like Claude Code, Codex, Cursor, opencode, and related MCP workflows.

open-sourceOpen Source
Freestyle logo

Freestyle

Sandboxes for coding agents — Linux VMs, Git, and deploys in one box

Freestyle is YC-backed sandbox infrastructure built for AI coding agents, shipping secure Linux VMs with nested virtualization, Git servers, and one-click web deploys. It lets agents run real workloads, branch repos, and deploy apps under short-lived identities while billing only for active compute. Used in production by vly.ai, Rork, and Vibeflow.

freemium