Vendors
A vendor is a third-party company you depend on. Vendors are global entities in VendexLabs: the same 1Password or AWS record is shared across the platform, which is what lets enrichment and monitoring be done once and reused. When you add a vendor VendexLabs already knows, it’s recognized instantly. When you add one it hasn’t seen, VendexLabs creates a new vendor record and enriches it from public sources.Vendor profiles
Each vendor has a profile — the researched dossier that powers scoring and the vendor detail pages. A profile includes:- Company description, industry, headquarters, and business type
- Security posture and compliance certifications
- Privacy controls and the data the vendor collects
- Breach and threat history
- Business and financial maturity signals
- Risk scores and the latest GRC assessment
Products
A vendor can offer more than one product, and you may use them differently. VendexLabs lets you track products as separate line items under a vendor — for example, Automox’s “Autonomous Endpoint Management” appears as a product row beneath the Automox vendor.
Vendor lists
Your organization’s tracked vendors live on a vendor list. Every account has a default list calledmaster-list. A list holds:
- Membership — which vendors (and products) you track
- Dependency tier — how critical each vendor is to you
- Alert settings — whether incident monitoring is on for that vendor
Custom vendors — ones not already in the shared catalog — are enriched when you add them. Each organization can add up to 500 distinct custom vendors.
How this maps to the API
| Concept | API object | Notes |
|---|---|---|
| Vendor | Vendor | Global; id, name, website_url |
| Profile | VendorProfile | Enriched dossier and scores |
| Product | VendorProduct | Global (enriched) or org-scoped (custom) |
| Vendor list | VendorList | Per account; master-list by default |
| List membership | VendorListVendor | Carries dependency_tier, alerts_enabled |
