Pricing
Every feature. Free. Forever.
We sell compute, not features. All 20 MCP tools, the 7-layer application graph, and unlimited local scans are free with no signup. You only pay when you need hosted runtime scanning.
MCP & CLI
All tools. All analysis. No signup required.
- All 20 MCP tools
- 7-layer application graph
- Unlimited local scans
- All export formats (MD, JSON, PDF)
- Baseline & triage management
- CI/CD integration
- No signup required
Hosted Scans
Runtime browser scanning in the cloud.
- Runtime browser scanning
- 10 scans per month
- PDF reports
- Dashboard & scan history
- Scheduled rescans
- Email reports
Teams
Unlimited scans for engineering teams.
- Unlimited scans
- 10 seats included
- API access
- SARIF export (GitHub Code Scanning)
- GitHub issue sync
- Shared baselines across team
Enterprise
Custom infrastructure and compliance.
- SSO / SAML
- Custom detection rules
- Dedicated infrastructure
- SLA + dedicated support
Our philosophy
We sell compute, not features.
Every MCP tool, every analysis layer, every export format is free and runs locally. No license key. No auth wall. No usage caps. No telemetry you can't disable.
The tools and analysis are always free. You pay for hosted runtime scans — the compute we run on our infrastructure to crawl and test your live application in a real browser.
The upgrade path
The upgrade is obvious.
You start with the MCP server in your AI agent. Then you want runtime scans without setting up Chrome locally. Then your team needs a shared dashboard. Then you need it in GitHub.
Each step is a natural escalation. We don't push you there — the workflow does. By the time you need Hosted or Teams, you already know it's worth it because you've been using the full engine for free.
Compare plans
Feature breakdown
| Feature | MCP & CLI | Hosted | Teams | Enterprise |
|---|---|---|---|---|
| All 20 MCP tools | ||||
| 7-layer application graph | ||||
| Unlimited local scans | ||||
| All export formats (MD, JSON, PDF) | ||||
| Baseline & triage | ||||
| CI/CD integration | ||||
| Runtime browser scanning | ||||
| 10 scans/mo (hosted) | ||||
| Unlimited scans (hosted) | ||||
| PDF reports | ||||
| Dashboard & scan history | ||||
| Scheduled rescans | ||||
| 10 seats | ||||
| API access | ||||
| SARIF export (Code Scanning) | ||||
| GitHub issue sync | ||||
| Shared baselines | ||||
| SSO / SAML | ||||
| Custom detection rules | ||||
| Dedicated infrastructure | ||||
| SLA + dedicated support |
FAQ
Common questions
Is the MCP server really free?
Yes. All 20 MCP tools, the 7-layer application graph, unlimited local scans, every export format, baseline & triage management. No signup, no license key, no usage caps. Free forever.
What does Hosted Scans add?
Runtime browser scanning on our infrastructure. We launch a real browser, crawl your application, and test every route and endpoint. You get PDF reports, a dashboard with scan history, and scheduled rescans. Same engine, we just run it for you.
How does Teams pricing work?
Teams is $99/mo flat for up to 10 seats with unlimited scans. Every seat gets full access to the API, SARIF export, GitHub issue sync, shared baselines, and the team dashboard. Need more seats? Contact us for Enterprise.
What's in Enterprise?
SSO/SAML, custom detection rules, dedicated infrastructure, and SLA with dedicated support. That's it — no vaporware, no features we haven't built yet.
What about the CLI?
The CLI is included in the free tier. Install via npm and run scans locally with full access to all detection modules, export formats, and CI/CD integration. The MCP server runs alongside it.
Do you offer annual billing?
Yes. Annual plans get 2 months free. Hosted annual is $290/year. Teams annual is $990/year.
Start scanning for free.
No signup. No credit card. No auth wall.