MergeBase Pricing

Don’t let third party vulnerabilities run wild

Most of what you’re running comes from third-parties. Do you know what’s in their code? Your DevOps teams need the tools to know what new threats you are running.

Use the SCA platform with the lowest false positives and the most remediation options. The only SCA tool with run-time protection, respond within seconds to a threat like log4j with CVE-2021-44228.

MergeBase Security graphic
Team size: 5


-- per month

38 per user

  • (in addition to Free)
  • CD/CI integrationIntegrates with your build pipeline of choice:
    Jenkins, Travis, TeamCity, Codeship, Azure DevOps, GitLab, Bamboo...
  • License analysis Checks your open source licenses for policy conformance.
  • Container scanning Analyses your Docker containers for vulnerabilities.
    Including application vulnerabilities for Java and .NET.
  • Run-time monitoring Assess your real, production, risks with one glance.
    Also get alerted when vulnerable code is accessed ar run-time,
    Always stay a step ahead of adversaries.
  • Jira / Boards integration Create meaningful tickets on the fly.
    Streamlines your vulnerability management process.
  • Email support


-- per month

-- per user

  • (in addition to Team)
  • SBOM support Generates SBOM for all source projects.
    Reverse engineer Java binaries and create an SBOM
  • SIEM integrationIntegrate with enterprise SIEM tools like,
    IBM QRadar, Splunk...
  • Custom policiesSet your own policy levels to
    streamline reporting and analysis.
  • Slack and Teams Lightweight notifications for all your teams.
    Using either Slack or Microsoft Teams.
  • Email support


Custom Pricing
  • (in addition to Business)
  • Run-time blocking Stop access to vulnerabilities at run-time.
    Quickly eliminate risk from a large set of complex Java systems
  • SSO Single sign on through OKTA, Cognito, Microsoft, OneLogin, Google...
  • Offline mode (air-gap) MergeBase can operate in the most secure locations, even on air-gapped systems.
  • On-prem option Run MergeBase in your private cloud or data centers
  • Auto PR Automatically fix vulnerabilities and create PR's.
    Maximize your developers time for productive work.
  • Dedicated support

You can also access our free developer version to find and fix open source vulnerabilities in your environment.

* all prices in USD

Discover More from MergeBase

Open Source Protection

Stay on top of the real risk of open source at any time.

Avoid false positives and get sophisticated upgrade guidance based on risk, compatibility and popularity.

More on Continuous Protection

Add RunTime Protection

Detect and defend against known-vulnerabilities at runtime. The only SCA to do so.

The quickest way to respond to an imminent threat like log4j with CVE-2021-44228.

More on Run-time Protection

Shift Left Now

CodeGreen is an early-warning defence for your in-house development and integrates directly into GitHub and BitBucket

More on BitBucket and Github apps