Pricing

Simple, Transparent Pricing

Pay by assets managed — not by users or features. All plans include the full platform. No hidden fees.

Annual billing saves 20%. Monthly billing available on all plans.

Starter

$149/mo

Up to 100 assets. Ideal for small teams and early-stage organizations building their vulnerability management practice.

  • Up to 100 managed assets
  • CVE scanning every 12 hours
  • PatchScore™ prioritization
  • Manual patch approval workflow
  • AWS, Azure, and GCP connectors
  • Jira and Slack integration
  • 7-day audit log retention
  • Email support (2 business day SLA)
Get Started
Most Popular

Growth

$399/mo

Up to 500 assets. For security teams that need automated patching and deeper compliance coverage.

  • Up to 500 managed assets
  • CVE scanning every 6 hours
  • All Starter features included
  • Automated patch deployment
  • Canary rollout + auto rollback
  • ServiceNow integration
  • Compliance reports (PCI DSS, SOC 2)
  • 90-day audit log retention
  • Priority support (8-hour SLA)
  • Patch policy YAML version control
Start Free Trial

Enterprise

Custom

Unlimited assets. For enterprises with strict compliance requirements, complex environments, and dedicated support needs.

  • Unlimited managed assets
  • CVE scanning every 1 hour
  • All Growth features included
  • On-premises deployment option
  • SSO/SAML 2.0 (Okta, Azure AD)
  • Custom compliance frameworks
  • 24-month audit log retention
  • Dedicated success engineer
  • 99.95% uptime SLA
  • Custom SLAs and DPA
Contact Sales

All plans include a 14-day free trial. No credit card required to start.

Frequently Asked Questions

Can I start a free trial without giving a credit card?

Yes. The 14-day trial requires only a work email. At the end of the trial you choose a plan and enter billing details — or your account moves to read-only mode. No charges occur without your explicit consent.

What counts as an "asset"?

An asset is any managed endpoint: a cloud VM, a bare-metal server, or a Kubernetes node. Containers running on a node are not counted separately — only the host counts. Serverless functions (Lambda, Azure Functions) count as 0.1 each, rounded up at billing.

How does PatchGuard handle our data security?

PatchGuard is SOC 2 Type II certified. Scan data (package names, versions, CVE matches) is encrypted with AES-256 at rest and TLS 1.3 in transit. We do not store the contents of your files or application data — only package inventory metadata. Our data retention policy is described in our DPA, available to all customers.

Can I upgrade or downgrade my plan mid-cycle?

Yes. Upgrades take effect immediately with prorated billing. Downgrades apply at the start of the next billing cycle. You'll receive an email confirmation whenever a plan change is applied. There are no lock-in penalties on monthly plans.

How long does initial setup take?

Most teams are scanning assets within 20 minutes of account creation. Cloud connectors are configured via read-only IAM roles and take about 5 minutes per cloud account. On-premises agents deploy via a single curl command or Ansible playbook. Our onboarding docs cover both paths step by step.

Not sure which plan fits?

Talk to our team. We'll size the right plan based on your asset count and compliance requirements — no pressure.

Talk to Sales