Average data breach cost: $4.88M (IBM 2024)
Simple pricing. From solo dev to Fortune 500.
No per-scan credits. No surprise bills. Cancel anytime — 30-day full refund on your first subscription.
Plans
Starter
For small teams shipping fast
$49/mo
10 repos
500 scans/month
25 AI repairs/month
Team
For security-conscious orgs
$399/mo
200 repos
50,000 scans/month
500 AI repairs/month
Enterprise
Unlimited, SCIM, on-prem
Contact sales
Unlimited repos
Unlimited scans/month
Unlimited AI repairs/month
What's an AI repair?
AI analyzes your code → generates a fix → runs tests in sandbox → re-scans for new issues → creates a PR. Average time: ~3 minutes. Average confidence: 85/100.
1. Analyze
2. Generate Fix
3. Sandbox Test
4. Re-scan
5. Create PR
Compare plans in detail
| Feature | Free | Starter | Pro | Team | Enterprise |
|---|---|---|---|---|---|
| Scanning & Repair | | | | | |
| Repositories | 3 | 10 | 50 | 200 | Unlimited |
| Scans / month | 50 | 500 | 5,000 | 50,000 | Unlimited |
| AI Repairs / month | 5 | 25 | 100 | 500 | Unlimited |
| 5-stage AI repair pipeline | ✓ | ✓ | ✓ | ✓ | ✓ |
| Sandbox verification (Docker) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Security re-scan (Semgrep + AI) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Auto-patching at scale | — | — | — | ✓ | ✓ |
| Languages & Lanes | | | | | |
| 25-language reachability | ✓ | ✓ | ✓ | ✓ | ✓ |
| CVE & Dependencies | ✓ | ✓ | ✓ | ✓ | ✓ |
| Container scanning | ✓ | ✓ | ✓ | ✓ | ✓ |
| IaC scanning | ✓ | ✓ | ✓ | ✓ | ✓ |
| Secrets detection | ✓ | ✓ | ✓ | ✓ | ✓ |
| SAST (3,200+ rules) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Malicious package detection | ✓ | ✓ | ✓ | ✓ | ✓ |
| LLM Guard (OWASP LLM Top 10) | ✓ | ✓ | ✓ | ✓ | ✓ |
| ML-BOM (CycloneDX 1.6) | ✓ | ✓ | ✓ | ✓ | ✓ |
| MCP Audit | ✓ | ✓ | ✓ | ✓ | ✓ |
| Agent Supply Chain | ✓ | ✓ | ✓ | ✓ | ✓ |
| Integrations | | | | | |
| GitHub | ✓ | ✓ | ✓ | ✓ | ✓ |
| GitLab | ✓ | ✓ | ✓ | ✓ | ✓ |
| Bitbucket | ✓ | ✓ | ✓ | ✓ | ✓ |
| Slack notifications | ✓ | ✓ | ✓ | ✓ | ✓ |
| SAML SSO | — | — | — | ✓ | ✓ |
| SCIM 2.0 provisioning | — | — | — | ✓ | ✓ |
| Compliance & Audit | | | | | |
| SBOM (CycloneDX + SPDX + VEX) | ✓ | ✓ | ✓ | ✓ | ✓ |
| EU CRA Article 14 export | — | — | ✓ | ✓ | ✓ |
| Audit tamper-evident hash chain | — | — | ✓ | ✓ | ✓ |
| OpenTelemetry export | — | — | ✓ | ✓ | ✓ |
| Audit log retention | 7 days | 30 days | 90 days | 1 year | Custom |
| Support & SLA | | | | | |
| Email support | ✓ | ✓ | ✓ | ✓ | ✓ |
| Priority support (24h response) | — | — | ✓ | ✓ | ✓ |
| Dedicated CSM | — | — | — | — | ✓ |
| Helm airgapped / on-prem | — | — | — | — | ✓ |
| Terraform 3-region | — | — | — | — | ✓ |
| SLA | — | — | 99.5% | 99.9% | Custom |
Frequently asked questions
What is your refund policy?
We offer a 30-day full refund on your first subscription — no questions asked. After the first 30 days, you can cancel anytime and your plan remains active until the end of the billing period. Refunds are processed by Paddle, our Merchant of Record.
Can I upgrade or downgrade at any time?
Yes. Upgrades take effect immediately with a prorated charge for the remainder of the billing period. Downgrades take effect at the start of your next billing cycle. Your data and settings are preserved during plan changes.
Do you offer annual discounts?
Yes — annual billing saves 20% compared to monthly. Annual plans are billed upfront for the full year. Contact sales@bitmax.im for Enterprise annual pricing.
What payment methods do you accept?
We accept all major credit cards (Visa, Mastercard, American Express), PayPal, and wire transfer (Enterprise only). All payments are processed securely by Paddle. For invoiced billing (NET-30), contact our sales team.
How is sales tax / VAT handled?
Paddle automatically calculates and collects applicable sales tax, VAT, and GST based on your billing address. Paddle is the Merchant of Record, so you receive a tax-compliant invoice directly from Paddle.
How do I cancel my subscription?
You can cancel anytime from Settings → Billing in your dashboard. Your plan remains active until the end of the current billing period. No cancellation fees. All your data (SBOMs, audit logs, findings) remains accessible for 30 days after cancellation.
How is this different from Snyk?
Snyk alerts you about vulnerabilities. PatchOps Guard fixes the code — tested, verified, and ready to merge.
Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle handles all customer service inquiries and returns.
Still comparing? Book a 20-minute demo.