Flat annual pricing. No surprises.
See your full compliance posture before paying. No time limit. No account required.
No per-resource fees. No per-seat fees. No surprise bills. Budget it once, use it all year.
Need a DPA? Download here
| Feature | Community — Free | Pro — $599/yr | Team — $1,999/yr | Agency — $4,999/yr | Enterprise — $24,999/yr | Ent. Unlimited — Custom |
|---|---|---|---|---|---|---|
| Assessment | ||||||
| Assess | All 53 | All 53 | All 53 | All 53 | All 53 | All 53 |
| Greenfield scaffolding | SOC2 + CIS | 11 frameworks | 24 frameworks | 36 frameworks | All 53 | All 53 |
| Remediation | ||||||
| Remediate | 4 frameworks | 11 frameworks | 24 frameworks | 36 frameworks | All 53 | All 53 |
| Checkov validation | ||||||
| Reporting | ||||||
| Report formats | JSON, terminal, SARIF | + HTML | + Dashboard | + Dashboard | All | All |
| HTML report | — | Local only | ||||
| Branded PDF | — | — | — | White-labeled | White-labeled | White-labeled |
| CI/CD | ||||||
| CI/CD integration | — | GitHub Action | GitHub Action + API | GitHub Action + API | GitHub Action + API | GitHub Action + API |
| OPA/Rego bundles | — | — | ||||
| Custom Checkov policies | — | |||||
| Cloud Intelligence | ||||||
| IAM least-privilege | — | — | Cross-cloud | Cross-cloud | Cross-cloud | Cross-cloud |
| CSPM cross-validation | — | — | Bi-directional | Bi-directional | Bi-directional | Bi-directional |
| Cost impact analysis | — | — | Per-remediation | Per-remediation | Per-remediation | Per-remediation |
| Landing zone detection | — | — | ||||
| Hosting | ||||||
| Cloud projects | Unlimited (local) | Unlimited (local) | 1 engagement (hosted) | 5 engagements (hosted) | 5 engagements (hosted) | Unlimited (hosted) |
| Hosted dashboard | — | — | Single-project | Multi-project | Multi-project | Unlimited |
| Drift alerts | — | — | Daily | Daily | Daily | Daily |
| Real-time drift events | — | — | (opt-in) | (opt-in) | (opt-in) | (opt-in) |
| Collaboration | ||||||
| Team seats | — | — | Up to 10 | Up to 25 | Up to 50 | Unlimited |
| Shared scan links | — | — | ||||
| Batch scan + assess | — | Up to 10/batch | Up to 10/batch | Up to 10/batch | Up to 10/batch | Up to 10/batch |
| Batch remediate + export | — | — | — | Up to 10/batch | Up to 10/batch | Up to 10/batch |
| Evidence export (cloud-native) | — | — | SCC · Audit Mgr · Purview | SCC · Audit Mgr · Purview | SCC · Audit Mgr · Purview | SCC · Audit Mgr · Purview |
| Evidence export (GRC) | — | — | — | Vanta · Drata · Secureframe | Vanta · Drata · Secureframe | Vanta · Drata · Secureframe |
| Tamper-evident | Hash only | Hash only | Ed25519 signed | Ed25519 signed | Ed25519 signed | Ed25519 signed |
| Security & Compliance | ||||||
| SSO | — | — | Google OAuth + SAML | Google OAuth + SAML | Enforced SAML + SCIM | Enforced SAML + SCIM |
| Data residency | — | — | US + EU (auto) | US + EU (auto) | US + EU + ME | US + EU + ME |
| Air-gap deployment | — | — | — | — | ||
| IP allowlist | — | — | — | — | ||
| Audit log | — | — | ||||
| Webhooks | — | — | Up to 3 endpoints | Up to 3 endpoints | Up to 3 endpoints | Up to 3 endpoints |
| Data retention | — | — | 6 months | 12 months | 24 months | Unlimited |
| Access | ||||||
| Scan sources | Local state (standard) | + remote backends | + API scan | + API scan | All | All |
| Account required | — | |||||
| Support | ||||||
| Support | Community (GitHub) | Email (48hr) | Priority email (24hr) | Priority+ email (12hr) | Premium email (4hr) | Dedicated Slack (1hr) |
See your full compliance posture before paying. No time limit. No account required.
Frequently asked questions
Yes. You pay only the prorated difference for the remaining time. Upgrade takes effect immediately. This applies to all self-serve tiers from Pro through Enterprise.
Not mid-cycle. Cancel your current plan (you keep full access through the end of your paid period), then re-subscribe at a lower tier.
You can assess any of the 53 frameworks for free. If you need to remediate, upgrade to the tier that includes that framework.
The free tier is the trial. Assess all 53 frameworks, remediate 4, no time limit, no account required.
Enterprise Unlimited is tailored to your organization's
needs.
Contact our sales team
for a custom quote. We'll respond within 1 business day.
Team includes up to 10 members. Agency: 25. Enterprise: 50. Enterprise Unlimited: unlimited. No per-seat fees — invite your whole team.
Team and Agency tiers auto-select US or EU based on your billing address. Enterprise tiers can also choose Local Region Residency. Community and Pro are CLI-only — no data touches our servers.
Yes. Team+ customers can export all hosted data (scan results, projects, audit log) as a ZIP archive from the dashboard or CLI at any time.