Open source is free forever. Small teams ship without paperwork. The enterprise edition adds compliance features and the determinism attestor; it does not change your security results.
For individual developers, open-source maintainers, and small projects.
For engineering teams who want every PR scanned, attested, and triaged.
For regulated industries, compliance-bound orgs, and audit-driven teams.
Open source projects under a recognised OSS licence pay nothing on the Team plan. Just write to us.
| Feature | Free | Team | Enterprise |
|---|---|---|---|
| Private repositories | 1 | Unlimited | Unlimited |
| Deterministic-core detectors | ● | ● | ● |
| Oracle-passthrough detectors | ● | ● | ● |
| Incremental analysis | ● | ● | ● |
| Multi-SCM (GitHub, GitLab, Bitbucket, Azure DevOps) | GitHub only | ● | ● |
| LLM-assisted triage | ○ | ● | ● |
| Signed provenance & attestor | ○ | ○ | ● |
| SAML SSO & SCIM | ○ | ○ | ● |
| Per-customer spec inference | ○ | ○ | ● |
| Audit logs & data residency | ○ | ○ | ● |
| Finding history | 7 days | 30 days | Unlimited |
| Support | Community | Dedicated SE + 99.9% SLA |
Anyone whose commits scanipy analyses in a billing month. Reviewers, bots, and read-only collaborators are free.
Yes. If your project ships under an OSI-approved licence, the Team plan is free for that repository, regardless of contributor count. Email oss@scanipy.com.
Scanipy clones into ephemeral, single-tenant worker containers that are torn down after each scan. The graph and findings persist; the source does not.
Not today. The platform is multi-tenant SaaS. We don't ship a self-hosted runner. We'd rather do one thing well.
An Enterprise-only feature that re-runs every release-gated analysis under pinned spec and environment, asserts the deterministic-core SARIF is byte-identical to the original, and signs the provenance record.
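As an added illustration of the check described above (example code written for this page, not scanipy's own attestor): the rerun's SARIF must match the original byte for byte before a provenance record binding the SARIF digest to the pinned spec and environment is signed. The SARIF, spec, environment and key are constructed samples, and an HMAC stands in for the asymmetric signature a real attestor would produce.

```python
import hashlib
import hmac
import json

# Constructed sample inputs (not real scanipy output): a minimal SARIF log,
# a pinned detector spec, and a pinned environment description.
SARIF_ORIGINAL = b'{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"core"}},"results":[]}]}'
SARIF_RERUN = SARIF_ORIGINAL  # byte-identical, as a deterministic core must produce
SARIF_DRIFTED = b'{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"core"}},"results":[],"ts":"1"}]}'
PINNED_SPEC = b"detectors: [sqli, ssrf]\nseverity_floor: medium\n"
PINNED_ENV = {"runner_image": "sha256:constructed-digest", "ruleset": "2024.1"}
SIGNING_KEY = b"constructed-demo-key"  # stand-in for the attestor's real signing key


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def rerun_is_deterministic(original: bytes, rerun: bytes) -> bool:
    """The determinism assertion: the two SARIF logs must match byte for byte."""
    return hmac.compare_digest(original, rerun)


def _canonical(record: dict) -> bytes:
    # Stable serialisation so signer and verifier MAC the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def attest_rerun(original: bytes, rerun: bytes, spec: bytes, env: dict, key: bytes) -> dict:
    """Refuse to sign unless the rerun matches; otherwise sign a provenance
    record that binds the SARIF digest to the pinned spec and environment."""
    if not rerun_is_deterministic(original, rerun):
        raise ValueError("rerun SARIF differs from original; refusing to attest")
    record = {"sarif_sha256": sha256_hex(original), "spec_sha256": sha256_hex(spec),
              "env": env, "deterministic": True}
    record["signature"] = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return record


def verify_attestation(record: dict, key: bytes) -> bool:
    """Recompute the MAC over every field except the signature itself."""
    unsigned = {k: v for k, v in record.items() if k != "signature"}
    expected = hmac.new(key, _canonical(unsigned), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record.get("signature", ""))


if __name__ == "__main__":
    rec = attest_rerun(SARIF_ORIGINAL, SARIF_RERUN, PINNED_SPEC, PINNED_ENV, SIGNING_KEY)
    print("attested:", verify_attestation(rec, SIGNING_KEY))
    print("drift detected:", not rerun_is_deterministic(SARIF_ORIGINAL, SARIF_DRIFTED))
```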
Annual prepay gets you two months free. Switch anytime; we prorate on the way down.
Run scanipy on one repository, for free, forever. Upgrade only if you outgrow it.