Skip to main content
Understanding how VendexLabs represents vendors makes everything else — scoring, assessments, imports, and the API — easier to follow.

Vendors

A vendor is a third-party company you depend on. Vendors are global entities in VendexLabs: the same 1Password or AWS record is shared across the platform, which is what lets enrichment and monitoring be done once and reused. When you add a vendor VendexLabs already knows, it’s recognized instantly. When you add one it hasn’t seen, VendexLabs creates a new vendor record and enriches it from public sources.

Vendor profiles

Each vendor has a profile — the researched dossier that powers scoring and the vendor detail pages. A profile includes:
  • Company description, industry, headquarters, and business type
  • Security posture and compliance certifications
  • Privacy controls and the data the vendor collects
  • Breach and threat history
  • Business and financial maturity signals
  • Risk scores and the latest GRC assessment
Profiles are generated automatically and refreshed on a schedule, so the picture stays current rather than freezing at the moment of onboarding.

Products

A vendor can offer more than one product, and you may use them differently. VendexLabs lets you track products as separate line items under a vendor — for example, Automox’s “Autonomous Endpoint Management” appears as a product row beneath the Automox vendor. Vendors page showing a vendor expanded to reveal its product line Products are optional. If you don’t need product-level tracking, a single vendor row is enough.

Vendor lists

Your organization’s tracked vendors live on a vendor list. Every account has a default list called master-list. A list holds:
  • Membership — which vendors (and products) you track
  • Dependency tier — how critical each vendor is to you
  • Alert settings — whether incident monitoring is on for that vendor
Because tier and alert settings live on the list membership, two organizations can track the same vendor with completely different context.
Custom vendors — ones not already in the shared catalog — are enriched when you add them. Each organization can add up to 500 distinct custom vendors.

How this maps to the API

ConceptAPI objectNotes
VendorVendorGlobal; id, name, website_url
ProfileVendorProfileEnriched dossier and scores
ProductVendorProductGlobal (enriched) or org-scoped (custom)
Vendor listVendorListPer account; master-list by default
List membershipVendorListVendorCarries dependency_tier, alerts_enabled
See the Data models reference for full field lists.