Pricing

Free to start. Pay when you scale.

Most teams start on Cloud. Regulated operators move to self-hosted when their compliance profile demands it. The agent is open source either way.

Cloud · Free

no card

€0

forever, for small teams getting started

  • Up to 3 GitLab projects
  • Up to 5 active runners
  • 7-day violation history
  • Anomaly detection on default baselines
  • Email alerts
Request access

most teams pick this

Cloud · Team

SaaS

€49 / month

+ €19 / active runner / month

billed monthly · cancel any time

  • Unlimited projects
  • 90-day violation history
  • Custom profiles + baselines
  • Slack + webhook alerting
  • OIDC SSO
  • MCP integration for AI triage
Talk to us

Cloud · Business

scale

€199 / month

+ €15 / active runner / month

volume discount · from 20 runners

  • Everything in Team
  • 1-year violation history
  • RBAC + immutable audit log
  • SAML SSO
  • Priority support
Talk to us

Self-hosted

EE

Talk to us

priced by cluster footprint · not by seat

  • Everything in Business — same code path
  • Runs entirely in your Kubernetes cluster
  • No telemetry, no phone-home, air-gap supported
  • Aligns with GDPR / NIS2 / DORA / CRA by deployment model
  • Dedicated upgrade channel + custom SLAs
Talk to us

An active runner is one that processed at least one CI job in the billing month. Idle runners cost nothing.

Just the agent? Use CE.

The open-source Community Edition runs the same enforcement primitives. YAML allowlists, stdout / Prometheus / webhook output, MPL-2.0. Free forever.

  • All enforcement primitives (DNS proxy, eBPF egress, default-deny)
  • Process attribution on every blocked egress
  • YAML-driven allowlists, on disk per profile
  • Prometheus metrics + webhook reporting
  • Self-hosted agent, MPL-2.0, no telemetry
  • GitLab Runner: Kubernetes, Docker, podman
Get CE on GitLab

Cloud and Self-hosted run the same code path. Migrate in either direction without rewriting policy.