▍ Pricing
The inspector stays free. Pay for the workflow around it.
Detection is becoming a commodity. Charging for it would be both bad ethics and bad business. We monetise the parts that take effort to operate: continuous scans on every push, autofix pull requests, bespoke remediation walkthroughs, and the API at scale.
Plans
Four tiers. The first is unlimited.
Free
$0/forever
- Unlimited single-URL inspections
- All 15 detector families
- Autofix RLS policy SQL
- Shareable report links
- Public API · 30 scans/hour per IP
- Push-triggered monitoring
Pro
$29/month
- Everything in Free
- GitHub App: scan on every push
- Slack + email alerts
- 90-day scan history
- One bespoke remediation runbook / month
- Public API · 1,000 scans/day
Team
$99/month
- Everything in Pro
- Up to 10 repos
- Autofix pull requests for RLS
- Webhook alerts (PagerDuty, Linear, custom)
- Audit log
- Public API · 10,000 scans/day
Bespoke runbook
$19/runbook
- Personalised PDF + Markdown
- Step-by-step fixes for your stack
- Generated from your inspection report
- Includes RLS SQL + key-rotation steps
- Single purchase, deliverable in 24h
Compare
What's free, what's paid.
Every detection rule is in the free tier. The paid tiers add the operational surface around the scan — automation, history, alerts, multi-repo support.
| Free | Pro | Team | |
|---|---|---|---|
| Single-URL inspection | ✓ unlimited | ✓ | ✓ |
| All 23 detector families · 173 rules | ✓ | ✓ | ✓ |
| Generated RLS policy SQL | ✓ | ✓ | ✓ |
| Shareable report link | ✓ | ✓ | ✓ |
| Agent / MCP / CLI integration | ✓ | ✓ | ✓ |
| GitHub App · push-triggered scans | — | 1 repo | 10 repos |
| Scan history + diff view | — | 90 days | Unlimited |
| Slack alerts | — | ✓ | ✓ |
| Email alerts | — | ✓ | ✓ |
| Webhook alerts | — | — | ✓ |
| Autofix pull requests for RLS | — | — | ✓ |
| Bespoke remediation runbooks | — | 1/mo | Unlimited |
| Audit log | — | — | ✓ |
| Public API · scans/day cap | 30/hr | 1k/day | 10k/day |
Join the waitlist
Pro and Team launch when the GitHub App is ready.
Drop your email — we'll write only when there's something to ship. Free tier is fully functional now; paste a URL on the homepage and you'll get the same detection coverage Pro/Team subscribers will see.
The honest version
Why the free tier exists.
The hard part of vibecheck isn't the scan itself. It's keeping pace with the platforms (Lovable, Bolt, v0, Replit), maintaining detection rules as the AI builders evolve, shipping the GitHub App at production quality, and the operational cost of edge functions running probes against the public internet from Cloudflare's edge network. Subscriptions fund that work without paywalling the thing that helps people most.
If you can't pay and you need this anyway, the inspection is free for a reason. Go scan your app.