Endor Labs

About Endor Labs

AURI is an AI static application security testing (SAST) tool developed by Endor Labs. Acting as security intelligence for AI coding agents, AURI helps teams prioritize real risks, reduce noise and remediate vulnerabilities quickly. It understands how code works and identifies what matters most to the organisation. The tool intelligently analyses code, triaging false positives and validating multi-file and multi-function data flows. It assists in identifying complex vulnerabilities beyond traditional rule-based scanning, such as business logic and authentication flaws. AURI integrates directly into AI code editors to give developers and agents the tools to fix code before their first commit. The software automatically triages findings by parsing syntax, tracing data flow, and reasoning about context and logic to present issues that genuinely matter. It validates findings, providing transparent evidence and reasoning for every decision. The tool allows the addition of custom prompts and rules to align agent behaviour with an organization's security policies, priorities, and threat models. Moreover, AURI can highlight complex logic flaws and other risks typically found in pentest reports and bug bounty programs without the need for rule creation or upkeep. It provides reachable findings and delivers precise, explainable fixes for developers. Additionally, AURI offers smart fix suggestions that generate context-aware solutions aligned with your codebase for review. It supports over 40 languages, including Java, Javascript, Python, C#, C/C++, Go, Kotlin, TypeScript, Ruby, Rust, JSX, PHP, Scala, Swift, Terraform, and more.