
Pricing

OSS
$0 / forever
Agentic whitebox pentester
Any repo, public or private
Self-run: you host it
No seat or usage caps
Community support on Discord
Try Shannon now

Enterprise
Custom
Everything in Pro, all add-ons included
Flat annual fee: predictable, volume-discounted
Self-hosted & air-gapped, no price uplift
Dedicated SE, QBRs & white-glove onboarding
Custom SLA, Security Patch SLA & DPA
Talk to sales
Pro add-ons · included on Enterprise

Compare Plans

Feature comparison across Keygraph plans. Plans: Shannon OSS (free, self-run); Pro (from $50 / dev / mo); Enterprise (custom). Items marked "add-on" are Pro add-ons and are included on Enterprise.

Continuous AppSec coverage

Agentic SAST & Whitebox Pentesting. Finds exploitable vulnerabilities, not just pattern matches. (Shannon OSS: whitebox.)
Business Logic Security Testing. Identifies workflow and authorization flaws traditional tools miss.
Secrets Scanning. Committed credentials, tokens, keys.
Agentic Blackbox Pentesting. Simulates real attacker behavior against running applications. (Add-on.)
SCA · Supply chain. Dependency and supply-chain risk. (Add-on.)
IaC Scanning. Terraform, CloudFormation, Kubernetes manifests. (Add-on.)
Container Scanning. Image and runtime configuration. (Add-on.)
Remediation (agentic auto-fix). Opens reviewable pull requests from confirmed findings. (Add-on.)

Unified findings & workflow

Single findings layer. Unified across all scanners: one queue, one triage model.
Severity calibration. Tunable to your risk model and asset criticality.
Ticketing & chat integration. Jira, GitHub, GitLab, Azure DevOps, Slack.
RBAC with role hierarchy. Granular permissions per project, scanner, and finding action; roles inherit from your IdP groups.
Dedicated audit log tab. Every scan, finding mutation, status change, suppression, role grant, and integration call is recorded with actor, timestamp, source IP, and diff. Searchable, filterable, and exportable.
SSO via SAML 2.0 or OIDC. Provisioning, de-provisioning, and group mapping inherit from your identity provider.

Deployment & compliance

Your code never trains our model. Inference runs under your own key; code and findings are never used for training.
Data export & deletion. Export or delete your data on request.
Self-hosted & air-gapped. Run entirely in your own environment, with no price uplift. (Shannon OSS: self-run.)
SOC 2 Type II. Report available under NDA.
Data Processing Addendum (DPA). Standard DPA available for signature.
EU data residency availability. EU-region data storage.

License & service

Unlimited scans. All scanners, all findings, no per-scan quotas.
BYOK across the stack. Bring your own keys for infrastructure and AI providers.
Community support. Discord community.
Email & Slack support. Business-hours response.
Customer engineer. A single point of contact, embedded with your team.
Quarterly business reviews. Usage, findings, and roadmap alignment, every quarter.
24x7 support. Custom SLAs written directly into your contract.
White-glove onboarding. Typically 4 to 8 weeks, end to end.
Full audit log retention. JSON/CSV export for SIEM ingestion and compliance evidence.

FAQ

Common questions from security and engineering teams.

How is our source code stored and used, and can Keygraph be self-hosted?

Your source code is never used to train any model, and inference runs under your own key. Scans run in isolated, ephemeral containers that clone your repository into memory, execute, then terminate and wipe the working copy; the full source tree is never persisted. Keygraph retains only the findings, their analysis metadata, and the short snippets required to render and deduplicate them, all encrypted at rest. Every scan uses read-only scopes; the only capability that requests write access is code remediation, which is opt-in per finding and delivered as a reviewable pull request, never pushed directly to your branches. Two deployment models are available: self-hosted, running the entire platform within your VPC, on-premises, or air-gapped infrastructure under your own LLM key so that code never leaves your perimeter; and managed cloud, with per-organization isolated infrastructure and ephemeral code handling. Fully network-isolated installations with no outbound calls are supported, and any optional egress can be disabled.

How are billable developer seats counted?

Billing is per active developer, identified by source-control identity rather than commit email, so that merges routed through a release bot do not drop the people who wrote or reviewed the code. A seat is any person who contributed code (a commit, pull request, merge, or push) to a monitored private repository within the trailing 90 days and who still has source-control access; the window rolls and is recomputed monthly. Public, archived, and forked repositories are never counted. Each person maps to a single seat, deduplicated across email addresses, accounts, organizations, and entities, including separate contracts. The following are never billed: bots, CI/CD, service accounts, and GitHub Apps; read-only users, product managers, auditors, executives, and dashboard-only users; anyone who has lost source-control access, including former staff; and anyone working solely in public or open-source repositories. Counts reconcile automatically in both directions, monthly on self-service plans and quarterly on annual plans, so that departed contributors age off and sustained decreases are returned as account credit.

How does Keygraph control false positives?

Signal quality is a core design goal. Every static finding passes through an LLM verification phase; the findings that survive it and are worth proving are routed to autonomous penetration-testing agents that attempt to exploit them against your running application. Only findings whose exploit actually executes reach the final report, each accompanied by a reproducible exploit: the endpoint, the payload, and the response. This is what keeps the reported false-positive rate near zero. Mark a finding as a false positive once, and every subsequent scan recognizes recurrences of it and suppresses them, so it does not reappear.

Which language models are supported, and can we use our own key?

Yes. Token usage is pass-through: your code is sent directly to your model provider under your existing terms, and tokens never traverse Keygraph. The open-source Shannon engine runs on Claude via an Anthropic API key, or through AWS Bedrock or Google Vertex AI. Self-hosted and enterprise deployments additionally support Azure OpenAI, OpenAI, and any Anthropic-compatible endpoint you operate.

How does Keygraph differ from traditional SAST and DAST tools, and from Semgrep, Snyk, GitHub Advanced Security, and XBOW?

Traditional SAST relies on pattern and regular-expression matching. Keygraph replaces that with LLM-powered code comprehension: a Code Property Graph spanning the abstract syntax tree, control flow, and data flow, with an LLM reasoning at every node. It infers your application’s business invariants to identify where they break, and detects secrets that do not match known patterns while excluding test fixtures and examples. The primary differentiator is static-dynamic correlation: rather than flagging a theoretical issue, Keygraph exploits it against the live application and reports only what is proven exploitable, in a single correlated result set. Detailed comparisons are available for Semgrep, GitHub Advanced Security, and XBOW.

Which integrations are supported across source control, CI/CD, SSO, and ticketing?

Source control: GitHub, GitLab, Bitbucket, Azure DevOps.
Container registries: Docker Hub, GitHub Container Registry, Amazon ECR, Google Artifact Registry.
Cloud: AWS, Google Cloud, Azure.
SSO & identity: Okta, Microsoft Entra ID, Auth0, OneLogin.
Ticketing: Jira.

SSO and CI/CD: SAML 2.0 or OIDC with SCIM provisioning for any standards-compliant identity provider; a CLI plus REST and webhook APIs drop into any pipeline.

What does a proof of concept involve, and is it free?

Yes, and it is not time-limited. A proof of concept consists of a complimentary scan together with one whitebox and one blackbox penetration test, on one or two repositories of your choosing, run under your own keys so that your code remains in your environment. Scope is defined jointly with our team, so a 30-minute session with an engineer is the starting point. Separately, the open-source Shannon engine is free and fully self-service at any time, with no sign-up or account required: install it with npx, provide your own Anthropic key (or AWS Bedrock or Google Vertex AI), and point it at your application URL and repository from the CLI (Docker and Node 18+ required).

Billing

How active-developer seats are counted, billed, and audited.

Why per developer

Risk is introduced by change, and change is made by developers. Billing follows the rate at which new code is produced, not the volume of code at rest.

Tracks actual risk. A repository that is not modified introduces no new vulnerabilities. Per-developer pricing tracks where new risk originates, not the size of the codebase.

Industry standard. GitHub Advanced Security, Snyk, and Semgrep all bill per active developer. The unit matches how you already count seats.

Unlimited usage

You pay for seats, not usage. Inference runs under your own LLM key, so scans, penetration tests, and tokens are never metered.

Bring your own key. Connect your own LLM provider. Inference runs under your key, not ours.

Pay your provider directly. Compute is billed by your LLM provider, not by Keygraph, so usage has no ceiling.

Never metered or capped. Scans, penetration tests, and tokens are never metered, capped, or counted toward the bill.

Why BYOK

Your keys, your provider, your data boundary. Inference runs under your own account, so code is sent only to the model provider you designate, never to a Keygraph-controlled or shared model, and no AI subprocessor sits in the path.

No Keygraph markup. You pay your provider directly at their token rates. Keygraph does not meter or resell inference, so the bill carries no usage-based line item.

Your choice of model. Claude through an Anthropic key, AWS Bedrock, or Google Vertex AI; self-hosted and enterprise add Azure OpenAI, OpenAI, and any Anthropic-compatible endpoint. Route the right model as price and quality shift, rather than being locked to one.

Tokens are only one part. Operating AI scanning is orchestration, caching, and deduplication, not raw tokens alone.

Backlog discovery. Frontier models surface buried vulnerabilities, and attackers and auditors can use the same models, so finding those issues first matters. With usage uncapped under BYOK, the question is how often you can scan every repository, not whether AI can find the issues.

Forward prevention. Backlog scans cover only existing risk. New pull requests and active repositories need continuous coverage, catching fresh issues while developers still hold the context to fix them.

Active and stale repos. Active repositories drive most scanning, while stale ones still need periodic coverage for newly disclosed vulnerability classes. Keygraph scopes each so coverage does not become wasted spend.

Operational controls. Provider limits, key management, budgets, retries, and failed scans all need an owner. Keygraph runs that control plane, so BYOK never becomes another platform to operate.

From output to resolved risk. Model output still needs routing, prioritization, suppression, and fix context in the developer workflow, or token spend becomes alert volume instead of resolved risk.

The seat

A seat is a person who changed a monitored repository and still has access. Bots, read-only users, and anyone who has lost access are excluded.

Billed. Developers who authored or reviewed code in monitored private repositories in the last 90 days, and contractors who contributed and still have access.

Never billed. Bots, CI/CD, service accounts, and GitHub Apps; read-only users, product managers, auditors, executives, and dashboard-only users; anyone who has lost source-control access, including former staff; and anyone working only in public or open-source repositories.

Definitions

Definitions for the terms used in your contract. Each one is used to compute the seat count.

Seat / Billable Developer. A person who contributed to a monitored private repository and still has access. Referred to as a “Billable Contributor” in the contract.

Lookback. A rolling 90 days, recomputed monthly.

Measurement date. The date on which seats are counted for invoicing, renewal, or a true-up.

Monitored repository. A private repository connected for scanning. Public, archived, and forked repositories are never counted.

Contribution. A commit, pull request, merge, or push of code, configuration, IaC, dependencies, manifests, lockfiles, or scripts.

The rules

Counting rules are applied consistently and conservatively. Each person maps to a single seat, and ambiguous cases are not double-counted.

One person, one seat. Deduplicated across email addresses, accounts, organizations, and entities, including separate contracts.

SCM identity, not commit email. Merges routed through a release bot do not drop the people who wrote or reviewed the code.

Current access required. Historical commits alone do not create a seat.

90-day rolling window. Departed contributors age off automatically at the next monthly recompute.

Per person, not per repository. A monorepo with 500 committers is billed per person.

Ambiguous cases excluded. Commits that cannot be resolved to a person are held out of the count rather than guessed, and a person is never counted more than once once they are resolved.
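To make the counting rules above concrete, here is an added example that recomputes a seat count from a contribution export. It is illustrative code written for this page, not Keygraph's own implementation, which is not shown here. It assumes a record format with the SCM identity (not the commit e-mail), repository visibility flags and event date, plus an alias map for deduplication, a set of identities that still hold source-control access, and a bot list; every name, repository and date in it is constructed.

```python
"""Recompute active-developer seats from a contribution export.

Added illustrative example; not Keygraph's own code. It applies the counting
rules on this page (monitored repos only, 90-day lookback, SCM identity with
alias dedup, bots excluded, current access required, ambiguous commits held
out) to constructed records so a team can cross-check an exported seat count.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

LOOKBACK_DAYS = 90
DRIFT_BAND = 0.15


@dataclass(frozen=True)
class Contribution:
    """One commit/PR/merge/push. scm_identity is the source-control account,
    not the commit e-mail; None means the event could not be resolved to a person."""
    scm_identity: Optional[str]
    repo: str
    private: bool
    archived: bool
    fork: bool
    when: date


def is_monitored(c: Contribution) -> bool:
    """Public, archived, and forked repositories are never counted."""
    return c.private and not c.archived and not c.fork


def count_seats(contributions, measurement_date, has_access, bots, aliases):
    """Return (billable people, number of ambiguous events held out).

    has_access: canonical ids that still hold source-control access.
    bots:       SCM identities that are bots, CI/CD, service accounts, or apps.
    aliases:    alternate SCM account -> canonical person id (one person, one seat).
    """
    window_start = measurement_date - timedelta(days=LOOKBACK_DAYS)
    seats, held_out = set(), 0
    for c in contributions:
        if not is_monitored(c):
            continue
        if not (window_start <= c.when <= measurement_date):
            continue  # outside the rolling lookback
        if c.scm_identity is None:
            held_out += 1  # ambiguous: held out, never guessed
            continue
        if c.scm_identity in bots:
            continue
        person = aliases.get(c.scm_identity, c.scm_identity)
        if person not in has_access:
            continue  # historical commits alone do not create a seat
        seats.add(person)
    return frozenset(seats), held_out


def within_drift_band(previous: int, current: int) -> bool:
    """True when the change from the last reconciled count stays inside the
    +/-15% band, i.e. routine movement that is absorbed without repricing."""
    if previous == 0:
        return current == 0
    return abs(current - previous) / previous <= DRIFT_BAND


def example_seat_count():
    """Constructed export (hypothetical names and dates): each rule is hit once."""
    measurement = date(2025, 3, 31)  # hypothetical measurement date
    records = [
        Contribution("alice", "acme/api", True, False, False, date(2025, 3, 20)),       # counted
        Contribution("alice-ctr", "acme/web", True, False, False, date(2025, 2, 10)),   # alias of alice
        Contribution("bob", "acme/api", True, False, False, date(2024, 12, 1)),         # older than 90 days
        Contribution("carol", "acme/infra", True, False, False, date(2025, 3, 1)),      # lost access
        Contribution("release-bot[bot]", "acme/api", True, False, False, date(2025, 3, 25)),  # bot
        Contribution("dave", "acme/oss", False, False, False, date(2025, 3, 28)),       # public repo
        Contribution("erin", "acme/legacy", True, True, False, date(2025, 3, 2)),       # archived
        Contribution(None, "acme/api", True, False, False, date(2025, 3, 15)),          # unresolved
        Contribution("frank", "acme/api", True, False, False, date(2025, 3, 31)),       # boundary day
    ]
    has_access = {"alice", "bob", "frank"}
    bots = {"release-bot[bot]"}
    aliases = {"alice-ctr": "alice"}
    return count_seats(records, measurement, has_access, bots, aliases)


if __name__ == "__main__":
    seats, held = example_seat_count()
    print(f"billable seats: {len(seats)} {sorted(seats)}; held out: {held}")
    print("repricing needed:", not within_drift_band(previous=10, current=len(seats)))
```

The monthly recompute described on this page is this function run again with the next measurement date: departed contributors age off either because their last in-window contribution crosses window_start or because they drop out of has_access, and the drift-band check decides whether the movement triggers repricing at all.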

True-ups

A single invoice line that adjusts in both directions. Seats multiplied by your rate, reconciled on a set schedule and trued up or down as your team changes.

On your invoice. A single line: active-developer seats × your rate. No usage line items.

Reconciliation. Monthly on self-service plans; quarterly on annual plans.

±15% drift band. Routine week-to-week movement is absorbed without repricing.

Trues up and down. Sustained decreases, such as layoffs, are returned as account credit at the next quarterly true-up rather than held until renewal.

Overages. Reconciled at your seat rate in arrears; service is not blocked. A block-until-upgrade option is available on request.

Budget alerts. An advance alert identifies the seats driving any projected increase. There is no hard cap by default, and the bill does not increase without notice.

Audit & self-hosted

The count is verifiable and disputable. Export it, flag a miscount, or run Keygraph self-hosted and report seats by attestation.

Export anytime. Includes masked identity, the repositories that count each person, last-contribution date, and current-access status.

30-day dispute window. Flag a miscount within 30 days and duplicates, bots, and removed users are corrected.

Self-hosted & air-gapped. Counted by attestation rather than telemetry. You attest to a contracted developer group and self-certify annually.

Same price, no access. Keygraph cannot reach your environment, code, or systems, and self-hosted is priced the same as cloud.