Pricing
The CLI is free. The cloud is inevitable.
Full scanning engine with IDOR, exposure detection, and GraphQL — free forever. When you need auth matrix, baseline triage, business logic testing, or GitHub integration — that's where Pro starts.
Free
Full scanning engine. IDOR (2 users). Passive exposure. GraphQL. Branded PDF export.
- Full scanning engine
- IDOR detection (2 users)
- Passive exposure scanning (auto)
- GraphQL per-operation detection
- Markdown + JSON + branded PDF export
- MCP server (local)
- Unlimited local scans
Pro
Auth matrix. Active exposure. Auth flow testing. Baseline. Business logic. Webhooks.
- Everything in Free
- Auth matrix (N roles)
- Active exposure probing
- Auth flow testing (Supabase / Firebase)
- Baseline / triage management
- Business logic testing (step-skip, replay)
- PDF export (branded + unbranded)
- CSV export (Jira / Linear import)
- Webhook notifications
Team
GitHub sync. SARIF. Compliance mapping. Scheduled rescans. Shared baselines.
- Everything in Pro
- GitHub issue sync (auto-create/close)
- PR security comments
- SARIF export (GitHub Code Scanning)
- Compliance mapping (CWE + OWASP)
- Scheduled rescans
- Shared baselines across team
- Aggregate dashboard (cloud)
- API access
Enterprise
Compliance reports. SSO. Managed scanning. Dedicated MCP. SLA.
- Everything in Team
- Compliance reports (SOC 2, PCI DSS, ISO 27001)
- SSO / SAML
- Dedicated MCP server (org-wide)
- Custom detection rules
- Managed scanning (we run it)
- Audit trail
- SLA + dedicated support
- On-prem deployment option
Our philosophy
The CLI should feel generous.
We don't gate the CLI behind a license key. The moment `brokenapp scan` requires authentication to run, we lose the bug bounty crowd and the viral distribution, and we end up competing with free tools instead of being in a category of our own.
The full scanning engine runs locally with zero restrictions. All output formats. All scan modes. No usage caps. No telemetry you can't disable.
The upgrade path
The cloud should feel inevitable.
You start by running scans locally. Then you want to share a report with a client. Then you want to diff scans over time. Then you want it in CI. Then the whole team needs access.
Each step is a natural escalation. We don't push you there — the workflow does. By the time you need Pro, you already know it's worth it because you've been using the full engine for free.
Compare plans
Feature breakdown
| Feature | Free | Pro | Team | Enterprise |
|---|---|---|---|---|
| Full scanning engine | ✓ | ✓ | ✓ | ✓ |
| IDOR detection (2 users) | ✓ | ✓ | ✓ | ✓ |
| Passive exposure (auto) | ✓ | ✓ | ✓ | ✓ |
| GraphQL support | ✓ | ✓ | ✓ | ✓ |
| MCP server (local) | ✓ | ✓ | ✓ | ✓ |
| Markdown + JSON export | ✓ | ✓ | ✓ | ✓ |
| Branded PDF export | ✓ | ✓ | ✓ | ✓ |
| Auth matrix (N roles) | | ✓ | ✓ | ✓ |
| Active exposure probing | | ✓ | ✓ | ✓ |
| Auth flow testing (Supabase / Firebase) | | ✓ | ✓ | ✓ |
| Baseline / triage management | | ✓ | ✓ | ✓ |
| Business logic testing | | ✓ | ✓ | ✓ |
| CSV export | | ✓ | ✓ | ✓ |
| Webhook notifications | | ✓ | ✓ | ✓ |
| Unbranded PDF export | | ✓ | ✓ | ✓ |
| GitHub issue sync | | | ✓ | ✓ |
| PR security comments | | | ✓ | ✓ |
| SARIF export (Code Scanning) | | | ✓ | ✓ |
| Compliance mapping (CWE + OWASP) | | | ✓ | ✓ |
| Scheduled rescans | | | ✓ | ✓ |
| Shared baselines | | | ✓ | ✓ |
| Aggregate dashboard | | | ✓ | ✓ |
| API access | | | ✓ | ✓ |
| Compliance reports (SOC 2, PCI DSS, ISO 27001) | | | | ✓ |
| SSO / SAML | | | | ✓ |
| Dedicated MCP server | | | | ✓ |
| Custom detection rules | | | | ✓ |
| Managed scanning | | | | ✓ |
| Audit trail | | | | ✓ |
| SLA + dedicated support | | | | ✓ |
| On-prem deployment option | | | | ✓ |
FAQ
Common questions
Is the CLI really free?
Yes. Full scanning engine, IDOR detection (2 users), passive exposure scanning, GraphQL support, branded PDF export. Unlimited local scans. No license key. No auth wall.
What's the difference between Free and Pro?
Free gives you the core scanner with IDOR for 2 users and passive exposure. Pro unlocks auth matrix (N roles), active exposure probing, Supabase/Firebase auth testing, baseline triage, business logic testing, webhooks, and CSV export.
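To make the Free/Pro distinction concrete, here is an added, self-contained illustration of the two techniques named above, written for this page and not taken from BrokenApp's engine: a 2-user IDOR check that swaps two accounts across each other's objects, and the N-role "auth matrix" generalisation that requests every object as every session and also covers role-gated endpoints. The users, object paths, the `ROLE_OF` / `OBJECTS` fixture and the three toy APIs are constructed for the example.

```python
"""Added example (not BrokenApp code): 2-user IDOR check vs. N-role auth matrix,
run against a constructed in-memory API instead of a live target."""
from dataclasses import dataclass

# Constructed fixture. Owned objects are gated by owner; /admin/users is gated by role.
ROLE_OF = {"alice": "user", "bob": "user", "carol": "admin"}
OBJECTS = {
    "/invoices/1001": {"owner": "alice", "roles": None},
    "/invoices/2002": {"owner": "bob",   "roles": None},
    "/admin/users":   {"owner": None,    "roles": {"admin"}},
}


def should_allow(path, user):
    """Ground truth the checks compare against: owner match, or role membership.
    (Assumption for this example: admins do not get to read users' invoices.)"""
    obj = OBJECTS[path]
    if obj["owner"] is not None:
        return obj["owner"] == user
    return ROLE_OF[user] in obj["roles"]


# Three toy servers: fully broken, owner-checked only, and correct.
def broken_api(path, user):
    """No access control at all: any authenticated user reads any object."""
    return 200 if path in OBJECTS else 404


def owner_only_api(path, user):
    """Ownership is enforced, but role-gated endpoints are served to anyone."""
    obj = OBJECTS.get(path)
    if obj is None:
        return 404
    if obj["owner"] is not None and obj["owner"] != user:
        return 403
    return 200


def fixed_api(path, user):
    """Enforces both owner and role checks."""
    if path not in OBJECTS:
        return 404
    return 200 if should_allow(path, user) else 403


@dataclass(frozen=True)
class Finding:
    path: str
    as_user: str
    kind: str  # "horizontal" = a peer's object, "vertical" = a higher-privilege endpoint


def two_user_idor(api, user_a, user_b):
    """2-user check: request each user's owned objects as the other user."""
    findings = []
    for path, obj in OBJECTS.items():
        if obj["owner"] not in (user_a, user_b):
            continue  # role-gated endpoints are outside a pure IDOR swap
        other = user_b if obj["owner"] == user_a else user_a
        if api(path, other) == 200:
            findings.append(Finding(path, other, "horizontal"))
    return findings


def auth_matrix(api, users):
    """N-role generalisation: every user x every object. A request that the
    policy says must be denied but that returns 200 is a finding, including
    plain users reaching role-gated endpoints (vertical escalation)."""
    findings = []
    for path, obj in OBJECTS.items():
        for user in users:
            if should_allow(path, user):
                continue
            if api(path, user) == 200:
                kind = "horizontal" if obj["owner"] is not None else "vertical"
                findings.append(Finding(path, user, kind))
    return findings


if __name__ == "__main__":
    everyone = ["alice", "bob", "carol"]
    for name, api in [("broken", broken_api), ("owner_only", owner_only_api), ("fixed", fixed_api)]:
        print(f"{name:11s} 2-user IDOR: {len(two_user_idor(api, 'alice', 'bob'))} findings, "
              f"auth matrix: {len(auth_matrix(api, everyone))} findings")
```

The `owner_only_api` case is the one that matters: the 2-user swap reports it clean, because ownership is enforced, while the matrix still flags both plain users reaching `/admin/users`. That gap between "peers can't read each other's objects" and "every role is held to its policy on every endpoint" is what the extra roles buy you.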
Why is Team per-seat instead of flat?
Team unlocks GitHub sync, SARIF, compliance mapping, shared baselines, and the aggregate dashboard — features that scale with team size. Each seat gets full access to all Team features.
Can I try Pro before paying?
Clean Code Challenge participants get a free Pro pass for 30 days. Otherwise, start with the free CLI — you'll know when you need Pro.
Do you support Supabase and Firebase auth?
Yes. Pro and above include native auth flow testing for Supabase (GoTrue) and Firebase (Identity Toolkit). Configure via TOML — the CLI handles token exchange, refresh, and session persistence testing.
Do you offer annual billing?
Yes. Annual plans get 2 months free. Pro annual is $790/year. Team annual is $2,490/year per seat.
What's the branded PDF export?
Branded PDFs include a 'Generated by BrokenApp' footer with a link to brokenapp.io. Free users get the branded PDF only. Pro and above can export unbranded PDFs for client-facing reports.
Do you store my scan data?
Free CLI scans stay 100% local — nothing leaves your machine. Team and Enterprise store scan results in the cloud for dashboards, shared baselines, and GitHub sync.
Start scanning for free.
No signup. No credit card. No auth wall.