Open core. Premium proof.
The methodology and engine are open. You pay for the gate, the PoC factory, and everything that turns a finding into a disclosure you can stand behind.
Open
Everything you need to hunt public repos.
- Public repositories
- Full methodology (CC-BY-4.0)
- CLI + Claude Code plugin
- Local Companion app
- 1 personal workspace
- Community support
Pro
The proof layer. Where the gate lives.
- Everything in Open
- Private repositories
- Unlimited scans
- The validation gate + PoC factory
- Disclosure packages (advisory + CVSS)
- Maintainer-pushback simulator
- Priority engine
Team
Shared research, still local-first.
- Everything in Pro
- Shared team workspaces
- Role-scoped access
- Team leaderboard
- Full gate audit trail
- SSO (Google / GitHub)
Enterprise
Your infrastructure, your rules.
- Everything in Team
- Self-hosted engine
- SSO / SAML
- On-prem Companion fleet
- Custom archetypes & rules
- Dedicated support + SLA
The gate, the proof factory, the pushback simulator.
Anyone can find a bug. Pro is for turning it into a validated, defensible disclosure — the part competitors leave to you.
The short version.
Is anything actually free?
Yes — the full methodology (CC-BY), the engine (Apache-2.0), the CLI/plugin, and the Companion. Open scans public repos forever.
Do you ever see my code?
No. The Companion runs everything locally; the cloud only ever receives a finding's shape — class, archetype, CVSS, confidence. Never your repository.
What counts as a “scan”?
One repository at one commit, through the eight-phase methodology. Open is generous; Pro removes the cap entirely.
Will you auto-submit advisories?
Never. We generate the disclosure package; you file it privately. The gate exists precisely so nothing ships unproven.