Simple, transparent pricing
Start scanning for free with the CLI. Add enrichment, team features, and enterprise controls as you grow. No per-scan fees.
Free
Full CLI scanner. No account required.
- Unlimited local CLI scans
- OSV + basic NVD enrichment
- Text output format
- Pre-compiled free vulnerability database
- No account required
Developer
Enhanced enrichment and output formats for individual developers.
- Everything in Free, plus:
- NVD, EPSS, KEV enrichment
- JSON and NDJSON output formats
- SBOM import, diff, and export
- 1 developer seat
Team
Dashboard, CI/CD, and registry scanning for teams of 5+.
- Everything in Developer, plus:
- Full vulnerability database (OVAL, distro trackers)
- Web dashboard and scan history
- CI/CD integration (GitHub Action, policy gates)
- Docker registry connections with scheduled scans
- Slack and webhook notifications
- 5+ developer seats (minimum 5)
Enterprise
Self-hosted deployment with SSO, compliance, and dedicated support.
- Everything in Team, plus:
- SSO / SAML authentication
- Self-hosted Kubernetes deployment
- Compliance report generation (SOC 2, ISO 27001)
- License risk analysis
- Audit logging
- Unlimited seats
- Dedicated support and SLA
Feature comparison
Detailed breakdown of what's included in each plan.
| Feature | Free | Developer | Team | Enterprise |
|---|---|---|---|---|
| Local CLI scans | Unlimited | Unlimited | Unlimited | Unlimited |
| OSV enrichment | ✓ | ✓ | ✓ | ✓ |
| Basic NVD enrichment | ✓ | ✓ | ✓ | ✓ |
| NVD + EPSS + KEV enrichment | — | ✓ | ✓ | ✓ |
| Text output | ✓ | ✓ | ✓ | ✓ |
| JSON / NDJSON output | — | ✓ | ✓ | ✓ |
| SBOM import, diff, and export | — | ✓ | ✓ | ✓ |
| Full vuln database (OVAL, distro trackers) | — | — | ✓ | ✓ |
| Web dashboard and scan history | — | — | ✓ | ✓ |
| CI/CD integration (GitHub Action, policy gates) | — | — | ✓ | ✓ |
| Docker registry connections | — | — | ✓ | ✓ |
| Scheduled registry scans | — | — | ✓ | ✓ |
| Slack and webhook notifications | — | — | ✓ | ✓ |
| SSO / SAML authentication | — | — | — | ✓ |
| Self-hosted Kubernetes deployment | — | — | — | ✓ |
| Compliance reports (SOC 2, ISO 27001) | — | — | — | ✓ |
| License risk analysis | — | — | — | ✓ |
| Audit logging | — | — | — | ✓ |
| Developer seats | — | 1 | 5+ | Unlimited |
| Support | Community | Priority | Dedicated + SLA |
Frequently asked questions
Common questions about ScanRook plans and features.
Do I need an account to use ScanRook?
No. The Free CLI scanner works without any login or account. You only need an account for Developer, Team, or Enterprise features.
What's included in the free trial?
Developer and Team plans include a 14-day free trial with full access to all plan features. No credit card required to start.
What's the minimum for the Team plan?
The Team plan requires a minimum of 5 developer seats at $40/dev/month. Additional seats can be added at any time.
What artifacts can ScanRook scan?
Container image tars (Docker, OCI), source tarballs, ISO images, and compiled binaries (ELF, PE, Mach-O). The scanner also imports existing SBOMs in CycloneDX, SPDX, and Syft JSON formats.
Is there a self-hosted option?
Yes. The Enterprise plan includes a Kubernetes-native deployment with all three services (UI, Worker, Scanner). Contact sales@scanrook.io for architecture details and deployment support.
What data sources does ScanRook use?
OSV (Google Open Source Vulnerabilities), NVD (NIST National Vulnerability Database), Red Hat OVAL advisories, CISA KEV (Known Exploited Vulnerabilities), and FIRST.org EPSS (Exploit Prediction Scoring System).
Can I upgrade or downgrade at any time?
Yes. You can change plans at any time from your billing dashboard. Upgrades take effect immediately and downgrades apply at the end of the current billing cycle.
Ready to start scanning?
Install the CLI in under 30 seconds. No account required.