MergeBase Pricing

Don’t let third party vulnerabilities run wild

Most of what you’re running comes from third-parties. Do you know what’s in their code? Your DevOps teams need the tools to know what new threats you are running.

Use the SCA platform with the lowest false positives and the most remediation options. The only SCA tool with run-time protection, respond within seconds to a threat like log4j with CVE-2021-44228.

MergeBase Security graphic
Team size: 5


-- per month

38 per user

  • (in addition to Free)
  • CI/CD integrationIntegrates with your build pipeline of choice:
    Jenkins, Travis, TeamCity, Codeship, Azure DevOps, GitLab, Bamboo…
  • License analysis Checks your open source licenses for policy conformance.
  • Container scanning Analyses your Docker containers for vulnerabilities.
    Including application vulnerabilities for Java and .NET.
  • Run-time monitoring Assess your real, production, risks with one glance.
    Also get alerted when vulnerable code is accessed ar run-time,
    Always stay a step ahead of adversaries.
  • Jira / Boards integration Create meaningful tickets on the fly.
    Streamlines your vulnerability management process.
  • Email support


-- per month

-- per user

  • (in addition to Team)
  • SBOM support Generates SBOM for all source projects.
    Reverse engineer Java binaries and create an SBOM
  • SIEM integrationIntegrate with enterprise SIEM tools like,
    IBM QRadar, Splunk…
  • Custom policiesSet your own policy levels to
    streamline reporting and analysis.
  • Slack and Teams Lightweight notifications for all your teams.
    Using either Slack or Microsoft Teams.
  • Email support


Custom Pricing
  • (in addition to Business)
  • Run-time blocking Stop access to vulnerabilities at run-time.
    Quickly eliminate risk from a large set of complex Java systems
  • SSO Single sign on through OKTA, Cognito, Microsoft, OneLogin, Google…
  • On-prem option Run MergeBase in your private cloud or data centers
  • Auto PR Automatically fix vulnerabilities and create PR’s.
    Maximize your developers time for productive work.
  • Dedicated support

You can also access our free developer version to find and fix open source vulnerabilities in your environment.

  • All prices in USD
  • Team size is the total number of employees or contractors who accesses MergeBase, or commits changes to the appplications scanned or monitored.

Discover More from MergeBase

Open Source Protection

Stay on top of the real risk of open source at any time.

Avoid false positives and get sophisticated upgrade guidance based on risk, compatibility, and popularity.

More on Continuous Protection

Add Dynamic Application Hardening

Detect and defend against known-vulnerabilities at runtime. The only SCA to do so.

The quickest way to respond to an imminent threat like log4j with CVE-2021-44228.

More on Runtime

Shift Left Now

MergeBase directly integrates with Github and Bitbucket to provide an early warning system for your in-house development

Product Overview