Simple, transparent pricing
Start free. Upgrade when your team needs CI/CD gates and compliance scanning.
Free
For individual developers exploring cross-service security.
- 3 projects
- 10 scans per month
- 5 specs per project
- SARIF output
- CLI tool
- Community support
Pro
For teams shipping microservices to production.
- Unlimited projects
- Unlimited scans
- Unlimited specs
- CI/CD integration
- GitHub Action
- Compliance scanning
- Team seats (up to 10)
- Priority support
- Custom rules
Enterprise
For organizations with advanced security requirements.
- Everything in Pro
- SSO / SAML
- Custom rule authoring
- SLA guarantee
- Dedicated support engineer
- On-prem deployment option
- Audit logging
- SOC 2 compliance reports
All plans include:
Frequently asked questions
What counts as a project?
A project is a collection of service specs that form one logical system. If you have a checkout flow with 5 microservices, that's one project.
What spec formats do you support?
OpenAPI 3.x, gRPC protobufs (.proto), and AsyncAPI definitions. We also support direct PostgreSQL schema introspection for shared databases.
How does CI/CD integration work?
We provide a GitHub Action and CLI tool. Add vulngraph to your pipeline, point it at your specs, and it fails the build if new cross-service vulnerabilities are introduced.
Is my code sent to your servers?
No. VulnGraph analyzes API specifications and interface definitions, not your source code. Specs are processed in-memory and never stored.
What output formats do you support?
SARIF 2.1.0 is the primary output format, which integrates with GitHub Code Scanning, VS Code, and most SIEM tools. JSON and human-readable text are also available.
Can I try Pro features before committing?
Yes. Pro comes with a 14-day free trial. No credit card required to start.