MergeBase Pricing

Don’t let third party vulnerabilities run wild!

Most of what you’re running comes from third-parties. Do you know what’s in their code? Your DevOps teams need the tools to know what new threats you are running.

Use the SCA platform with the lowest false positives and the most remediation options. The only SCA tool with Dynamic Application Surveillance and Hardening, respond within seconds to a threat like log4j with CVE-2021-44228.

MergeBase Security graphic

Experience our honest and upfront pricing, free of any hidden fees.

Contact us now for a personalized pricing plan designed for your unique needs.

Team size: 5


-- per month

38 per active developer

  • CI/CD integration Integrates with your build pipeline of choice:
    Jenkins, Travis, TeamCity, Codeship, Azure DevOps, GitLab, Bamboo…
  • License analysis Checks your open source licenses for policy conformance.
  • Container scanning Analyses your Docker containers for vulnerabilities.
    Including application vulnerabilities for Java and .NET.
  • Jira / Boards integration Create meaningful tickets on the fly.
    Streamlines your vulnerability management process.
  • Email support


-- per month

-- per active developer

  • (in addition to Team)
  • SBOM support Generates SBOM for all source projects.
    Reverse engineer Java binaries and create an SBOM
  • SIEM integration Integrate with enterprise SIEM tools like,
    IBM QRadar, Splunk…
  • Custom policies Set your own policy levels to
    streamline reporting and analysis.
  • Slack and Teams Lightweight notifications for all your teams.
    Using either Slack or Microsoft Teams.
  • Technical Debt Analysis Reduce the applications technical debt.
    Identify libraries that need to be updated, or that are obsolete
  • Email support


Custom Pricing
  • (in addition to Business)
  • Dynamic Hardening Shrink the applications attack surface and stop access to vulnerabilities at runtime.
    Quickly eliminate risk from a large set of complex Java systems
  • Run-time monitoring Assess your real, production, risks with one glance.
    Also get alerted when vulnerable code is accessed ar runtime,
    Always stay a step ahead of adversaries.
  • SSO Single sign on through OKTA, Cognito, Microsoft, OneLogin, Google…
  • On-prem option Run MergeBase in your private cloud or data centers
  • Auto PR Automatically fix vulnerabilities and create PR’s.
    Maximize your developers time for productive work.
  • Dedicated support

  • All prices in USD
  • Team size is the total number of employees or contractors who accesses MergeBase, or commit changes to the appplications scanned or monitored.

Discover More from MergeBase

Open Source Protection

Stay on top of the real risk of open source at any time.

Avoid false positives and get sophisticated upgrade guidance based on risk, compatibility, and popularity.

More on Continuous Protection

Add Dynamic Application Surveillance and Hardening

Detect and defend against known-vulnerabilities at runtime. The only SCA to do so.

The quickest way to respond to an imminent threat like log4j with CVE-2021-44228.

More on Runtime

Shift Left Now

MergeBase directly integrates with Github and Bitbucket to provide an early warning system for your in-house development

Product Overview