Simple, Developer-Friendly Pricing
The CLI is free and open source. Cloud adds team-wide visibility into audit findings, SBOM history, package alerts, and audit evidence.
Open Source
- Full CLI with all detection modules
- Local scanning — unlimited
- MCP config monitoring
- Credential detection
- Community support via GitHub
- MIT licensed
Team
- Everything in Open Source
- Cloud dashboard for team visibility
- Team scan telemetry
- Real-time alerts (Slack, email, webhook)
- 30-day scan history
- Priority support
Enterprise
- Everything in Team
- SSO / SAML integration
- Unlimited scan history
- Dedicated support engineer
- On-premise deployment option
- Custom compliance reports
Book a Demo or Talk Enterprise
Sandtrace Cloud is live for teams that want shared audits, SBOM history, alerting, and compliance evidence around package risk. Tell us how you want to use it and we will help with rollout or enterprise requirements.
Frequently Asked Questions
Is the CLI really free?
Yes. The Sandtrace CLI is MIT licensed and free forever. All detection modules are included. No limits on scans.
What does Cloud add?
Sandtrace Cloud adds team-wide visibility around dependency risk: centralized dashboards, audit history, SBOM timelines, package alerts, and compliance reporting.
Can I self-host the Cloud features?
Enterprise plans include on-premise deployment options. Contact us for details.
How does billing work?
Cloud plans are billed per active developer per month. You only pay for developers or CI workflows that send scan telemetry to the hosted service.
Do you upload every raw event by default?
No. The default cloud path is summary-first: findings, verdicts, package inventory, and metadata. Detailed raw telemetry is not part of the launch product.