Skip to main content
Home

Pricing

Pay for what drifts.

Vibgrate prices per project under governance — not per developer, not per repo. Scan everything for free, get your DriftScore, then pay only for the projects you choose to keep in check.

Estimate your bill

Size your estate — we bill the billable, not the detected

Detected projects under governance10detected
12505007501000
Average project sizeMixed estate×0.22 avg weight
Nano ×1/25Micro ×⅒Small ×⅓Standard ×1

Small services & libraries.

$0
$0
$0
$0
125100300500

Each band's rate per project drops as your estate grows. The filled bar shows where your billable projects land — after micro-project sizing.

10 detected2 billable(2.20 raw)
$0

free forever — up to 10 billable projects

2 × $0$0
Effective rate$0.00 / billable project
That's 10 or fewer billable projects — free, forever, on the Free plan below. A serverless monorepo of tiny functions can sit entirely in the free tier.
Start free, upgrade when ready

The unit

What counts as a project

A project is any independently-versioned unit of software with its own manifest — a service, app or library. Think package.json, a Maven module, go.mod, a Cargo crate, or an Nx / Bazel target. A single repository often contains many.

We detect them automatically and exclude vendored code, node_modules and test fixtures by default. You always see "detected vs governed" and choose what to switch on.

Business unit
Payments
Hierarchical ↑
Application
Checkout
Production3 repos
web-checkoutcheckout-apipay-sdk
Application
Billing
Staging2 repos
billing-svcinvoices
Scan runs per repositoryWhole estate rolls up — exec & CTO views ↑

Micro-project pricing

Not every project is billed the same

A Lambda handler is not the same unit of work as a 200-file service, so we don't charge for it as if it were. Every detected project is automatically sized into one of four tiers and billed as a fraction of a project. We total the fractions across your estate and round down to the nearest whole number — that total is your billable projects.

Nano

×1/25

Billed as a twenty-fifth of a project.

A tiny single-purpose serverless function

Qualifies on any 2 of 3

< 10 source files · < 1 MB source · < 5 dependencies

Micro

×⅒

Billed as a tenth of a project.

A serverless function or tiny micro-service

Qualifies on any 2 of 3

< 20 source files · < 2.5 MB source · < 10 dependencies

Small

×⅓

Billed as a third of a project.

A modest component or library

Qualifies on any 2 of 3

< 30 source files · < 5 MB source · < 25 dependencies

Standard

×1

Billed as a full project.

A normal product service or app

Qualifies on any 2 of 3

Anything larger

How sizing works

  • Three measured signals. Source-file count, source byte size, and declared dependency count — measured automatically on every scan.
  • Any 2 of 3. A project lands in the lowest tier whose limits it meets on at least two of the three signals, so one chatty test folder or one extra dependency never bumps a genuine micro-project.
  • Source code only. Lockfiles, generated files, and vendored / build directories (node_modules, dist, …) are excluded — a big pnpm-lock.yaml can't inflate a tiny project.
  • Always rounded down. 1.9 billable raw is billed as 1. Nine micro-projects (0.9) cost nothing.

Worked example

200 micro × ⅒20.0
27 small × ⅓9.0
20 standard × 120.0
247 detected49.0 raw

247 detected → 49 billable

The legend stays the same everywhere — CLI, dashboard and this estimator: Standard ×1 · Small ×⅓ · Micro ×⅒ · Nano ×1/25.

Billing weight ≠ risk weight

Nano, micro and small projects roll up fully into DriftScores, the portfolio view, and every risk and compliance report. Only the billing fraction is reduced — the CTO dashboard never under-counts risk.

No surprise mid-cycle rises

If a project grows into a higher tier, it keeps its cheaper rate for the rest of the cycle and the new rate starts next cycle, flagged in advance. A project that shrinks gets the cheaper rate right away.

Automatic & measurable

The same three signals are applied to every project on every scan. No manual exceptions, no hidden multipliers, no per-customer overrides, and no tickets to reclassify a project.

Four plans. One free forever.

Scanning and your DriftScore never cost anything. You pay when you want projects watched continuously, gated, and governed.

Free

Scan everything and see where you stand.

$0forever · 1 VCS
Repos
1
VM min / mo
30
scans + migrations

Overage

Start free
  • Includes
  • Scan unlimited repos & projects
  • DriftScore + top-10 findings
  • Shareable board-ready report
  • Up to 10 projects monitored

Team

Keep your team's projects in check over time.

$3.50–6/ project / mo · banded
Repos
10
VM min / mo
1,000
scans + migrations

Overage $0.02/min

Start free
  • Everything in Free, plus
  • Continuous monitoring & trends
  • Full risk register + EOL report
  • Upgrade roadmap & backlog
  • CycloneDX / SPDX export
  • Workflow automations (alert & route)
  • Slack & email alerts
Most teams

Business

Govern drift across the whole portfolio.

$8–15/ project / mo · banded
Repos
50
VM min / mo
5,000
scans + migrations

Overage $0.02/min

Start free
  • Everything in Team, plus
  • Merge gates & drift policies
  • Drift budgets & accountability
  • Portfolio & exec dashboards
  • Remediation hand-off + verify
  • Audit trail & compliance export
  • Push to Cortex / Backstage
  • Multi-VCS

Enterprise

Controls and scale for regulated estates.

Customvolume bands + controls
Repos
Unlimited
VM min / mo
Unlimited
scans + migrations

Overage Custom

Talk to usor book a 20-min demo →
  • Everything in Business, plus
  • Custom build-from-scratch workflows
  • SSO / SAML & SCIM
  • On-prem / VPC deployment
  • Custom policy & support SLA

Compare every capability

Mapped to the full Vibgrate platform — from first scan to continuous governance.

Hover or tap the beside any capability to see what it does and read more in the help centre.

CapabilityFreeTeamBusinessEnterprise
Limits & cloud compute
Repositories under continuous monitoring11050Unlimited
Scan credits / mo5100500Unlimited
MCP tokens / mo10,0002.5M10MUnlimited
Included VM minutes / mo (scans + migrations)301,0005,000Unlimited
VM-minute overage rate (when enabled)$0.02 / min$0.02 / minCustom
Remediation-agent tokens (platform key)$15 / 1MCustom
Analyse & measure
Repository, stack & dependency inventoryIncludedIncludedIncludedIncluded
DriftScore + top-10 prioritised findingsIncludedIncludedIncludedIncluded
Continuous monitoring & historical trendsNot includedIncludedIncludedIncluded
Living SBOM (CycloneDX / SPDX)Not includedIncludedIncludedIncluded
Signed SBOM attestationsNot includedNot includedIncludedIncluded
Risk & roadmap
Full risk register & EOL reportNot includedIncludedIncludedIncluded
Vulnerability prioritisation (SCA / VEX ingest)Not includedIncludedIncludedIncluded
Upgrade roadmap & investment planNot includedIncludedIncludedIncluded
Govern & automate
Workflow automations (alert & route)Not includedIncludedIncludedIncluded
Automated remediation workflowsNot includedNot includedIncludedIncluded
Custom (build-from-scratch) workflowsNot includedNot includedNot includedIncluded
Merge gates & drift policiesNot includedNot includedIncludedIncluded
Drift budgets & team accountabilityNot includedNot includedIncludedIncluded
Remediation hand-off + verificationNot includedNot includedIncludedIncluded
Portfolio & board-level dashboardsNot includedNot includedIncludedIncluded
Push to IDP (Cortex / Backstage) · multi-VCSNot includedNot includedIncludedIncluded
Audit trail & compliance exportNot includedNot includedIncludedIncluded
Controls
SSO / SAML, on-prem, SLANot includedNot includedNot includedIncluded

Questions, answered plainly

No. Most of Vibgrate's work runs automatically in CI, where seats are irrelevant — charging per developer would mean paying for people who never log in. We charge per project under governance, with unlimited seats included.

Every plan reports compliance posture

DORA, CRA, ISO 27001, SOC 2, NIST, PCI DSS, FedRAMP and CMMC — see exactly which control areas Vibgrate assesses, framed honestly as readiness signals (not an attestation).

View compliance posture

Get your DriftScore in minutes.

Install the CLI, run a scan, see exactly how far behind your estate has drifted.