Start free. Ship with confidence.
Free plan gives you semgrep and regex scanning forever. Upgrade to Pro for the full AI pipeline at $29/dev/month -- hallucination detection, auth bugs, secrets, and logic issues in one tool.
The only scanner built for AI-generated code. One caught bug covers the plan for months.
Free
For individual developers getting started with automated security scanning. One repo, static analysis, community support.
Pro
For teams shipping AI-generated code who need the full detection pipeline. The only scanner that catches AI hallucinated APIs, auth bugs, secrets, and logic issues.
Scale
For engineering orgs that need custom rules, policy enforcement, priority support, and SSO. Volume pricing at $15/dev/month with a 20-developer ($300/mo) minimum.
Enterprise
Everything Scale includes, plus SAML, audit logs, compliance exports, a dedicated CSM, and an uptime SLA.
What CodeSheriff does that other scanners cannot
Full feature comparison
Pro at $29/dev/month includes the full AI detection pipeline. Scale at $15/dev/month for teams of 20 or more.
| Feature | Free | Pro | Scale | Enterprise |
|---|---|---|---|---|
| Scanning | | | | |
| Repositories | 1 repo | All repos | All repos | All repos |
| Semgrep + regex static analysis | Yes | Yes | Yes | Yes |
| Full AI pipeline | No | Yes | Yes | Yes |
| Auto-fix suggestions | No | Yes | Yes | Yes |
| Custom rules | No | No | Yes | Yes |
| Policy enforcement | No | No | Yes | Yes |
| Integrations | | | | |
| GitHub PR comments | | | | |
| CLI | No | Yes | Yes | Yes |
| Slack integration | No | Yes | Yes | Yes |
| SARIF export | | | | |
| Custom webhooks | | | | |
| SSO / SAML | No | No | SSO | SSO + SAML |
| Audit logs | No | No | No | Yes |
| Compliance exports | No | No | No | Yes |
| Support | | | | |
| Community support | Yes | | | |
| Email support | | | | |
| Priority support | No | No | Yes | Yes |
| Dedicated CSM | No | No | No | Yes |
| Uptime SLA | No | No | No | Yes |
Frequently asked questions
What is included in the free plan?
One repo, semgrep static analysis, regex-based detection, and community support. No AI pipeline, no time limit.
How does Pro pricing work?
$29 per developer per month. Billed monthly. Covers all repos, the full AI detection pipeline (hallucination, auth, logic bugs), auto-fix suggestions, CLI, and Slack.
What does Scale add over Pro?
Custom detection rules you define, policy enforcement gates on PRs, priority support, and SSO. $15 per developer per month with a minimum of 20 developers ($300/mo minimum).
What does CodeSheriff detect that other tools miss?
CodeSheriff is the only scanner that catches AI-hallucinated API calls -- methods that do not exist in the library version you are running. It also includes self-improving detection via Autotune, which learns from your team's feedback to reduce false positives over time. No other scanner in the market ships both.
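As an added illustration of the kind of check described above (example code written for this page, not CodeSheriff's pipeline or detection logic), the script below parses a code snippet, resolves its imports against the modules installed in the interpreter that runs the check, and flags every module attribute the installed version does not actually provide. The snippet it scans is constructed for the example, and `token_urlsafe_v2` and `urlsafe_b64decode_strict` are made-up names standing in for hallucinated APIs.

```python
"""Toy hallucinated-API check: flag calls to module attributes that the
installed library version does not provide. Added example for this page,
not CodeSheriff's own detection code."""
from __future__ import annotations

import ast
import importlib
from types import ModuleType

# Constructed sample input: looks like AI-generated code, with two genuine
# stdlib calls and two invented names (hypothetical, they do not exist).
SAMPLE_SOURCE = '''
import hashlib
import secrets as s
from base64 import urlsafe_b64encode, urlsafe_b64decode_strict

def make_token() -> str:
    digest = hashlib.sha256(b"seed").hexdigest()      # real
    raw = s.token_urlsafe_v2(32)                       # hypothetical, does not exist
    return urlsafe_b64encode(digest.encode()).decode()
'''

_module_cache: dict[str, ModuleType | None] = {}


def _load(module_name: str) -> ModuleType | None:
    """Import a module named in the scanned source; None if it is not installed here."""
    if module_name not in _module_cache:
        try:
            _module_cache[module_name] = importlib.import_module(module_name)
        except ImportError:
            _module_cache[module_name] = None
    return _module_cache[module_name]


def _provides(module_name: str, attr: str) -> bool | None:
    """True/False if the installed module does/does not expose `attr`;
    None when the module is not installed and nothing can be decided."""
    mod = _load(module_name)
    if mod is None:
        return None
    if hasattr(mod, attr):
        return True
    # A package submodule is not an attribute of its parent until it has been
    # imported, so `from xml.etree import ElementTree` must not be flagged.
    return _load(f"{module_name}.{attr}") is not None


def find_missing_apis(source: str) -> list[tuple[int, str]]:
    """Return sorted (line, dotted_name) pairs for attributes the source uses
    on imported modules that the installed versions do not provide."""
    tree = ast.parse(source)
    aliases: dict[str, str] = {}  # local binding -> module it refers to
    findings: set[tuple[int, str]] = set()

    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                # `import a.b` binds `a`; `import a.b as c` binds `c` to a.b
                if alias.asname:
                    aliases[alias.asname] = alias.name
                else:
                    top = alias.name.split(".")[0]
                    aliases[top] = top
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            for alias in node.names:
                if alias.name != "*" and _provides(node.module, alias.name) is False:
                    findings.add((node.lineno, f"{node.module}.{alias.name}"))

    for node in ast.walk(tree):
        # Only `<module alias>.<attr>`; attributes on call results or locals are skipped.
        if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
            module_name = aliases.get(node.value.id)
            if module_name and _provides(module_name, node.attr) is False:
                findings.add((node.lineno, f"{module_name}.{node.attr}"))

    return sorted(findings)


if __name__ == "__main__":
    for line, name in find_missing_apis(SAMPLE_SOURCE):
        print(f"line {line}: {name} is not provided by the installed module")
```

Because the check resolves names against whatever is importable from the interpreter running it, it only answers "does this exist in the library version you are running" when executed inside the project's pinned environment (the same virtualenv or lockfile the code ships with). It also has the usual static-analysis blind spots: a local variable that shadows a module name, or a library that synthesises attributes at runtime through a module-level `__getattr__`, will produce false positives or misses respectively, which is the kind of noise a feedback loop like the one described above is meant to trim.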
Does CodeSheriff pay for itself?
A single critical bug that reaches production typically costs $5,000 to $50,000+ to remediate. One bug caught before prod covers the Pro plan for months. Most teams see ROI in week one.
How does this compare to bug bounty programs?
Bug bounty payouts for critical findings start at $1,000 and routinely reach $10,000 or more. Pro at $29/dev/month costs less than a single medium-severity payout, and catches the bugs before external researchers do.
Can I use CodeSheriff on private repositories?
Yes. The GitHub App requests only the minimum permissions to read PR diffs and post check runs; you can review the exact permission scopes on the GitHub App installation screen before approving it. Your source code is never stored.
Is there an annual billing option?
Yes. Annual billing is available at a discount. Contact us for details.
Is there a self-hosted option?
Enterprise customers can request an on-premises deployment for strict data residency requirements. Contact sales.
Still have questions? Email us and we will get back to you within 1 business day.