Simple, honest pricing

Start free. Upgrade when you need history, private repos, or team features.

Free

$0 / forever

For individuals and open source projects.

  • 1 organisation
  • Unlimited local scans
  • 50 API ingests / month
  • 30-day score history
  • Public repos only
  • Live score badge
  • GitHub Actions integration
  • REST API access
  • Private repo scanning
  • Slack / email alerts
  • Priority support
Get API Key →
Most popular

Pro

$19 / month

For teams that care about security posture over time.

  • Up to 5 organisations
  • Unlimited local scans
  • Unlimited API ingests
  • 1-year score history
  • Private & public repos
  • Live score badge
  • GitHub Actions integration
  • REST API access
  • Slack & email alerts
  • Weekly score trend reports
  • Priority email support

Pro is launching soon — join the waitlist:

Enterprise

Custom

For orgs with compliance or self-hosting requirements.

  • Unlimited organisations
  • Unlimited scans & history
  • Private & public repos
  • Self-hosting support
  • SSO / SAML integration
  • Custom rule packs
  • Audit log
  • SLA guarantee
  • Dedicated Slack channel
  • Security review call
  • Invoice billing
Contact us →

Frequently asked questions

Is the Free plan really free forever?

Yes. The scanner itself is MIT-licensed open source — you can always run it locally for free. The hosted API free tier covers 50 ingests per month with 30 days of history.

What counts as an "API ingest"?

One POST /v1/ingest call — typically one CI run. A mono-repo that scans once per commit counts as one ingest per commit, regardless of findings.

Can I self-host?

Absolutely. The full stack (FastAPI + PostgreSQL + nginx) is one docker compose up. Self-hosted instances have no usage limits. Enterprise adds a support contract.

Does my IaC leave my network?

On the hosted API, we receive the scan payload (findings, file paths, snippets). If that's a concern, self-host. No IaC is ever shared with third parties or used for training.

What IaC formats are supported?

Terraform, Kubernetes YAML, CloudFormation, and Dockerfiles. Pulumi, Ansible, and Bicep are on the roadmap. See the docs for details.

How do I upgrade or cancel?

Email hello@misconfig.dev. Pro plans are month-to-month with no commitment. Cancel any time and keep your data for 30 days.