MergeBase Pricing

Don’t let third party vulnerabilities run wild
Most of what you’re running comes from third-parties. Do you know what’s in their code? Your DevOps teams need the tools to know what new threats you
are running. Use the platform with the lowest false positives and most remediation options, fix fast!

Team size: 5


-- per month

38 per user

  • (in addition to Free)
  • CD/CI integrationIntegrates with your build pipeline of choice:
    Jenkins, Travis, TeamCity, Codeship, Azure DevOps, GitLab, Bamboo...
  • License analysis Checks your open source licenses for policy conformance.
  • Container scanning Analyses your Docker containers for vulnerabilities.
    Including application vulnerabilities for Java and .NET.
  • Run-time monitoring Assess your real, production, risks with one glance.
    Also get alerted when vulnerable code is accessed ar run-time,
    Always stay a step ahead of adversaries.
  • Jira / Boards integration Create meaningful tickets on the fly.
    Streamlines your vulnerability management process.
  • Email support


-- per month

-- per user

  • (in addition to Team)
  • SBOM support Generates SBOM for all source projects.
    Reverse engineer Java binaries and create an SBOM
  • SIEM integrationIntegrate with enterprise SIEM tools like,
    IBM QRadar, Splunk...
  • Custom policiesSet your own policy levels to
    streamline reporting and analysis.
  • Slack and Teams Lightweight notifications for all your teams.
    Using either Slack or Microsoft Teams.
  • Email support


  • (in addition to Business)
  • Run-time blocking Stop access to vulnerabilities at run-time.
    Quickly eliminate risk from a large set of complex Java systems
  • SSO Single sign on through OKTA, Cognito, Microsoft, OneLogin, Google...
  • Offline mode (air-gap) MergeBase can operate in the most secure locations, even on air-gapped systems.
  • On-prem option Run MergeBase in your private cloud or data centers
  • Auto PR Automatically fix vulnerabilities and create PR's.
    Maximize your developers time for productive work.
  • Dedicated support

You can also access our our free developer version to find and fix open source vulnerabilities in your environment.

Discover More from MergeBase

Core Product

BuildGreen is a powerful solution for identifying the real risk of open source at build time or in existing applications

Learn how BuildGreen can protects your Enterprise

Add RunTime Protection

RunGreen detects and defends against known-vulnerabilities at runtime.

Learn why Runtime Protection Matters

Optional Developer Add-on

CodeGreen is an early-warning defence for your in-house development and integrates directly into code repositories

Quick Start - For Free