Pricing
From your first vibe-coded app to a team shipping daily. Start free, upgrade when you need more.
Live URL scanning with tech stack, XSS, injection, WAF, ports, GDPR, subdomains.
Repository analysis for auth, secrets, unsafe patterns, webhook and load-review gaps.
CI, IDE, and agent workflows through `/api/v1/scan/code` and `/api/v1/scan/project`.
Developer handoff, JSON/HTML exports, and fix templates for AI coding tools.
Scan any site, see what AI missed
For solo founders and indie hackers
For small dev teams and agencies
Need unlimited team members, SSO, or a custom solution? Contact us for Enterprise pricing
Compare
| Feature | Free | Pro | Team |
|---|---|---|---|
| Scanning | |||
| URL security scans | 3/month | Unlimited | Unlimited |
| Domains | 1 | 10 | 50 |
| Scanner modules | 18 | 18 | 18 |
| Security checks | 70+ | 70+ | 70+ |
| GitHub repo scanning | |||
| Vibe Code Tools | |||
| Platform detection (Lovable, Bolt, etc.) | |||
| Vibe Security Score | |||
| Fix prompts for AI tools | Preview | ||
| "Vibe Verified" badge | |||
| Developer Tools | |||
| CLI (npx @boringsec/cli) | |||
| VS Code / Cursor extension | |||
| Claude Code MCP plugin | |||
| .cursorrules generator | |||
| Code scanning API | |||
| Project scanning API | |||
| Monitoring | |||
| Automated re-scans | Weekly | Daily | |
| Email alerts | |||
| Slack alerts | |||
| Reports & Compliance | |||
| PDF reports | |||
| SOC 2, GDPR, PCI DSS | |||
| CI/CD integration | |||
| Team | |||
| Team members | 5 | ||
| Priority support | |||
Why us
Every funded competitor went enterprise. We built the tool that solo founders and indie hackers actually need.
| | BoringSec | Tenzai | Escape | Snyk |
|---|---|---|---|---|
| Target audience | Solo founders, indie hackers | Enterprise only | Security teams | Dev teams with CI/CD |
| Setup time | 0 — paste URL, scan | Weeks (sales demo) | Days (onboarding) | Hours (CI pipeline) |
| Pricing | Free + $29/mo | Private beta ($75M raised) | $18M Series A pricing | $10K–100K+/yr |
| AI code focus | Built for vibe coding | General pentest | Offensive security | Legacy AppSec |
| Fix prompts | Copy-paste for Cursor, Lovable, Bolt | — | — | — |
| Platform detection | Lovable, Bolt, v0, Replit, etc. | — | — | — |
| Self-service | Yes, instant | No | No | Partial |
FAQ
Yes. 3 scans per month, forever. No credit card required.
We detect if your app was built with AI tools like Lovable, Bolt, or Cursor, then check for the specific vulnerabilities AI-generated code creates — exposed API keys, missing RLS, open databases.
The product now spans website deep scans, GitHub review, API-based code scanning, and full project scanning via integrations. Reports also include richer technical details, trust notes, and exportable developer handoffs.
Yes, upgrade or downgrade anytime. Changes take effect immediately with prorated billing.
Each fix prompt is tailored to your specific AI coding tool. If you use Lovable, you get Lovable-specific instructions. Cursor users get file-path-oriented fixes. Copy, paste, fixed.
Upgrade to Pro for unlimited scans, or wait for the next month. Your existing reports stay accessible forever.