Skip to content

Pricing

Transparent pricing. No usage tax on shipping secure containers.

Every plan includes the full scanner suite, the entire compliance framework catalog, and unlimited audit history. The only differences are scale and support.

Free

$0/forever

Individual developers, side projects, evaluating the platform.

  • 5 connected registries
  • 50 tracked images
  • 100 scans per month
  • 3 team members
  • All six bundled scanners
  • Community support
Most popular

Team

$29/user/month

Development teams shipping containers in production.

  • 25 connected registries
  • 500 tracked images
  • Unlimited scans
  • 25 team members
  • Slack, PagerDuty, webhook notifications
  • SLA tracking with breach alerts
  • SBOM exports (CycloneDX, SPDX)
  • Email support, < 1 business day

Enterprise

$79/user/month

Compliance-driven orgs with audit and procurement requirements.

  • Unlimited registries, images, scans, members
  • SAML / OIDC SSO and SCIM
  • Compliance evidence packs (SOC 2, FedRAMP Moderate, ISO 27001, NIST 800-53, HIPAA, CMMC)
  • Custom retention windows
  • Multi-year audit log retention
  • Dedicated Slack channel
  • 99.9% uptime target
  • Priority support, < 4 business hours
  • Self-hosted deployment option

Explore features

Understand what you are paying for.

Automated CVE Triage

Prioritized runs triggered on scan completion and new advisories, with SLA tracking and attestations.

Learn more

Container Vulnerability Scanning

Six bundled scanners — Trivy, Grype, Syft, Dockle, OSV-Scanner, Dive — with deduplicated findings.

Learn more

Container Image Patching

In-place OS-package patching without a Dockerfile rewrite. Patched image pushed back to your registry.

Learn more

Compliance Audit Engine

Continuous control-mapped evidence for SOC 2, PCI-DSS, FedRAMP Moderate, ISO 27001, HIPAA, CMMC, and more.

Learn more

FAQ

Frequently asked questions

Do you charge per scan?

No. Free has a 100/month cap so we can size capacity; Team and Enterprise have unlimited scans. Cloud scan dispatch and image patching count as one scan each.

What counts as a tracked image?

A tracked image is a unique repository:tag pair under a connected registry. Multiple scans of the same tag count once. Re-tagging a build (e.g. promoting v1.2.3-rc to v1.2.3) counts as one tracked image, not two.

Can I self-host HarborGuard?

Yes. The platform is open source under AGPL-3.0 and ships as a Docker image. Enterprise plans include support, the compliance frameworks pack, and the SAML/OIDC SSO module. Self-hosted deployments run the same scan, patch, and reporting pipelines as the SaaS.

Is there a free trial of paid plans?

Yes — Team includes a 14-day trial with the full feature set. No credit card required to start; we ask for one only if you continue past day 14.

How does billing work?

Stripe-powered, monthly or annual (10% off annual). Invoiced for Enterprise. Add or remove seats any time; we prorate to the day.

What happens if I exceed my plan limits?

We show a banner and pause new scans on the over-limit dimension only — existing scans, results, and notifications keep working. Upgrade in-app from /settings/billing.