Deepfactor Application Security Platform Pricing

Help security and engineering teams correlate static scans with runtime analysis, and prioritize vulnerabilities based on true usage.

  • DEV (3 Products): Scan and Prioritize Risks in Code and Containers

    $15/mo

    For 1-100 contributing developers*

    OSS Dependencies

    Scan and prioritize vulnerabilities in third-party dependencies

    • OSS dependency scans
    • Monitor license compliance
    • Software Bill of Materials (SBOM) in SPDX and CycloneDX formats
    • EOL components
    • Exploitability with EPSS and CISA KEV
    • Transitive vs. direct vulnerabilities
    • Remediation guidance with fixed-in versions
    • Risk vs. Effort mapping
    • CI integration and gating builds
    • Policies for generating alerts

    $15/mo

    For 1-100 contributing developers*

    Container Scans

    Scan and prioritize vulnerabilities in container images

    • Container scans
    • Monitor license compliance
    • Software Bill of Materials (SBOM) in SPDX and CycloneDX formats
    • Vulnerabilities per container layer
    • Base layer vulnerabilities
    • EOL components
    • Exploitability with EPSS and CISA KEV
    • Remediation guidance with fixed-in versions
    • Risk vs. Effort mapping
    • CI integration and gating builds
    • Policies for generating alerts

    $20/mo

    For 1-100 contributing developers*

    Runtime SCA

    Prioritize SCA findings based on correlation with runtime usage behavior and reachability; identify reachable and used OSS dependencies and OS packages.

    • Runtime dependency usage: View which classes/files are used within each OSS dependency at runtime.
    • Runtime container usage: View which shared objects/executables are used within OS packages at runtime.
    • Venn diagram showing which vulnerable components are used/unused and reachable at runtime
    • Works with popular third-party SCA tools such as Snyk, Synopsys Black Duck, Sonatype, Mend, and others

    *A contributing developer is any active contributor to the project you are securing with Deepfactor who has made at least one commit in the last 90 days.

  • PROD (2 Products): Detect and Monitor Risks at Runtime

    $15/mo

    For 1-100 contributing developers*

    Kubernetes SCA

    Detect vulnerable, exploitable, and reachable containers in K8s clusters and namespaces

    • Kubernetes webhook to scan pods
    • Automatic SCA/SBOM scans of K8s workloads
    • Search and filter high-risk K8s pods based on CVSS, EPSS, CISA KEV, reachability, and more

    $20/mo

    For 1-100 contributing developers*

    Container Runtime Security

    Detect insecure file, network, and memory behavior to identify unknown vulnerabilities and achieve compliance with SOC2 Type 2 and other frameworks.

    • Runtime analysis during dev, test, and prod to detect insecure application behaviors across network, file, process, and memory activity
    • Configure rules based on expected application behavior; alerts are delivered when an anomaly is discovered
    • Remediation guidance with stack trace information
    • Mapping of security risks to compliance violations for PCI DSS, SOC2 Type 2 and NIST 800-53

Bundle All 5 Products

Includes all Deepfactor products and capabilities

$75/mo

For 1-100 contributing developers*

For 100+ contributing developers, or a multi-year discount, please request a quote.

Enterprise Product Suite for 100+ contributing devs

For teams larger than 100 contributing developers, Deepfactor offers volume and multi-year discounts.