Pricing

Passive scanning is free. Pay only to prove findings are real.

One full passive scan a week is free (sign-in required). Pay for active DAST testing or continuous monitoring.

Free · No card required

1 full passive scan every week

All findings shown. All AI fix prompts visible. PDF export included. The weekly quota is the only limit — no hidden findings, no Pro Lock.

Run a free scan

Need a second scan in the same week? Upgrade below.

Every passive scan includes:
  • Security (15 modules)
  • Performance (Core Web Vitals)
  • Accessibility (WCAG 2.2 AA)
  • SEO (crawlability + meta)

Pay to prove it's exploitable

Active DAST testing sends real attack probes against a verified domain. Replaces a manual pentest at 0.2% of the cost.

Verify

Confirm one finding is real

$0
one-time
  • 1 active DAST scan on a verified domain
  • Real SQLi / XSS / auth-bypass probes
  • Scan history retention
  • No subscription
Most popular

Active Pack

Best value for AI builders

$0
one-time
  • 5 active DAST scans
  • Credits never expire
  • Priority scan queue
  • Scan history + PDF export

Monitor

Continuous coverage per domain

$0
per month
  • Unlimited passive scans on the domain
  • Daily auto-scan with regression alerts
  • Scan diff + email/Slack notifications
  • Cancel anytime

Common questions

Is the free tier really fully unlocked?
Yes. One passive scan per week, all findings shown, all AI fix prompts visible, PDF export available. The weekly quota is the only limit — there is no "X findings hidden" banner or paywall inside the report.
What counts against the weekly quota?
Each completed passive scan you start while signed in. Anonymous scans run on a separate IP-based rate limit (10/hour). You need to sign in to view the report.
What is an active DAST scan?
Real attack probes (SQL injection, XSS, auth bypass, API fuzzing) sent against a verified domain. Rate-limited, opt-in, identifies itself with an X-Scanner header. Replaces a $5,000 manual pentest for $0.
Why charge for active testing but not passive?
Passive scanning is HTTP + pattern matching — near-zero marginal cost. Active testing burns real compute and requires domain verification. We charge for the expensive thing.
Can I get a refund?
Yes. 30-day money-back guarantee on Verify and Active Pack. Monitor subscriptions are pro-rated.
What about teams?
Team tier (multi-domain, RBAC, audit log, SAML) is on the roadmap. Email sales@vibesafe.app to get on the early list.
Codifie Support
Hi! Send us a message and we'll get back to you. 👋