// pricing

Repository-aware review for every pull request. Starts at €189/mo.

One workspace for Security scans and Code review — repository-aware review infrastructure, not per-seat tooling. Pricing scales with protected code changes, not seats or repositories. Accessible for engineering teams without enterprise procurement cycles. Free 14-day trial, no card.

Used on repositories processing 2,000+ code changes monthly.

// pricing model
  • No seat-based pricing
  • No per-repo fees
  • Unlimited team members
  • Pay per completed review

// free trial

14 days, both products available

One workspace, one repo, full detection libraries on both Security scans and Code review. No card required, no auto-renewal. Decide at the end which side (or both) you keep.

Security scans

Repository-aware security on every diff — vulnerabilities, broken fixes, exploitability.

€189 / month
+ €0.50 per completed security review · failed runs not billed
  • Unlimited repositories & team members
  • Full detection library — backend, frontend, infra
  • Per-repo severity tuning & suppression memory
  • GitLab + GitHub webhooks · CI mode · manual
  • Inline comments on the diff with verdicts (pass/warn/fail)
  • Per-scan audit trail — SOC 2, ISO 27001, PCI-DSS evidence
  • MCP server — connect Cursor or any AI agent via /api/mcp
  • Email support · 1 business day SLA
Code review

Architecture, conventions, and quality on every PR — with repository memory.

€189 / month
+ €0.50 per completed code review · failed runs not billed
  • Unlimited repositories & team members
  • Per-repo rulebook & tone tuning
  • Inline review threads on every diff line — one per remark
  • "Suppress" chip on every thread; per-repo memory of accepted false positives
  • Auto-resolves GitLab discussion when the team agrees a remark is fine
  • Verdicts: clean / remarks
  • MCP server — connect Cursor or any AI agent via /api/mcp
  • Email support · 1 business day SLA

Bundle — both products on one workspace

Same single Stripe invoice, one base, both meters. Buy them together and you save €89/mo over taking each side separately.

  • Everything in Security scans + everything in Code review
  • Single workspace, single onboarding, single audit trail
  • Per-repo toggle: enable scans only, reviews only, or both — by repository
  • Unified dashboard & security report show both pipelines side-by-side
  • MCP server included — one endpoint, both products accessible to your AI agent
€289 / month
save €89/mo on base · €0.75 per combined run, not €1.00
+ €0.75 per combined run (security review run + code review run on the same diff) — instead of 2 × €0.50 when run as two standalone products · failed runs not billed

Enterprise — high-volume, self-hosted, custom contract

From 2,000 completed reviews / month (across either product) the per-review rate drops. Self-hosted GitLab fleets, SSO/SCIM (on roadmap), DPA, security questionnaires, dedicated account contact, auditor-ready evidence export — SOC 2 CC7.1 / CC8.1, ISO 27001 A.14.2, PCI-DSS 6.3.

How billing works

The flat monthly base covers the platform: webhook hosting, infrastructure, dashboards, audit trail. Coverage then scales with completed work: each completed run adds €0.50 on a single-product plan. On the bundle, when both pipelines fire on the same diff (a "combined run"), you pay €0.75 for both, not €0.50 + €0.50 = €1.00. Repos with only one product enabled on the bundle still bill at €0.50 for that single run. Failed or cancelled runs are never billed. The bundle replaces the two separate bases with a single discounted one and discounts every double-run by €0.25. Everything rolls into a single monthly invoice. No seat fees, no per-repo upcharge.

Prices exclude VAT. Final amount depends on your country and VAT status.

Q. Can I take only one product?

Yes. Each product stands on its own at €189/mo + €0.50 per completed run. You can also enable Security scans on some repos and Code review on others — toggle is per-repo.

Q. What is a "combined run" on the bundle?

One push or merge request that fires both pipelines on the same diff — a security review run and a code review run, sharing the SCM connection, repo context cache, and audit-log write path. We bill that as a single combined run at €0.75 instead of two separate runs at 2 × €0.50 = €1.00. Saving: €0.25 per double-run, on top of the €89/mo base discount. If a repo on the bundle has only one product enabled, that run bills as a regular single run at €0.50.

Q. What counts as a completed review run?

One run on one diff. Push event, MR open/update, manual trigger, or CI call — they all count as one, no matter the diff size. On the bundle, two runs on the same diff (one security, one review) fold into one combined run for billing purposes.

Q. Are failed runs billed?

No. Token expired, diff unreadable, run could not complete — that one is on us.

Q. Can I cap monthly spend?

Yes — soft cap in workspace settings. We'll keep running but won't post comments or invoice past it until you raise the cap. Works for both meters independently.

Q. What about volume discounts?

From 2,000 completed reviews / month (either product), the per-review rate drops. Above 10,000 — talk to us, we'll tier it sensibly.

Q. Will this help us pass a SOC 2 / ISO 27001 audit?

Not on its own — only your auditor signs off. But every completed review run persists a timestamped record (who, what, verdict, rationale, acceptance trail) that maps to SOC 2 CC7.1, CC8.1, ISO 27001 A.14.2 and PCI-DSS 6.3. The part teams usually scramble to assemble two weeks before the audit. CodeGuards.io has it ready.