Pricing

Secure Your Apps and Scale Your Program

StackHawk supports developers and security teams throughout their AppSec modernization journey, from our shift-left testing built to keep pace with modern development to our complete platform that gives you the visibility you need to scale.

Secure

Shift-Left DAST & API Security Testing that runs directly in CI/CD to enable developers to fix critical application and API security vulnerabilities.

Scale

StackHawk’s AppSec Intelligence Platform combines attack surface mapping from code and continuous oversight to help teams scale their AppSec programs. With Scale, you get everything in Secure plus:

Best-in-Class Testing.

Built for Modern Development.

Both of our plans include our industry-leading shift-left DAST, built from the ground up for CI/CD velocity and modern app architectures. Here’s what makes our testing different.

Pre-Production Testing in CI/CD

Catch critical vulnerabilities before production without slowing down development. Runs natively in your CI/CD infrastructure with Docker and CLI tools for any development environment.

Deterministic Scans, High-Signal Findings

StackHawk’s runtime testing is optimized for speed, reliability, and depth of scanning to minimize noise. Every finding includes cURL-based validation commands to verify exploitability.

Developer-Friendly Feedback Loops

Security findings are delivered directly in developer workflows, with contextual guidance and fixes-as-code. Native integrations with dev tools accelerate triage and remediation cycles.

Modern Application & API Support

Complete coverage for REST, GraphQL, SOAP, and gRPC APIs across microservices, SPAs, and traditional applications. Authentication as code ensures effective and reliable scanning.

Unlimited Scanning & Users

StackHawk plans are based on number of code contributors—not usage—so you get unlimited testing across every environment without usage caps or additional user licensing costs.

Enterprise Security & Support

SSO authentication, API access for custom workflows, and advanced integrations. Comprehensive documentation and email-based support from our Customer Success team.

Comparing Plans

Secure gives you best-in-class runtime testing. Scale adds complete attack surface visibility from source code and the intelligence you need to manage and prove the effectiveness of your AppSec program.

Secure

Scale

Shift-Left DAST & API Testing

CI/CD-native runtime testing

Modern app architecture support (REST, GraphQL, SOAP, gRPC)

Developer-friendly remediation

Unlimited scans & environments

OWASP LLM Top 10 coverage

Attack Surface Discovery

Discover apps & APIs from source code

Repository connections & monitoring

Risk-based prioritization (development activity signals)

AI-powered OpenAPI spec generation

AI-generated fix recommendations

Workflow Integrations

Communication (Slack, Microsoft Teams)

Ticketing (Jira Cloud & Self-Hosted)

Source Code Management - Cloud (GitHub, GitLab)

Source Code Management - Enterprise (GitHub Enterprise, GitLab Self-Hosted, Azure Repos, Bitbucket)

SAST Correlation

Enterprise Features

Compliance integrations (Vanta)

Which plan is for you?

Choose Secure if:

Choose Scale if:

Security testing inside your AI assistant with Vibe

StackHawk Vibe is a single-user plan that gives you the power of StackHawk dynamic testing without leaving your AI code assistant.

$5/month

Reimagine Your AppSec Program

One click to start discovering everything you’re exposed to.