Pricing
Transparent pricing. No per-account surcharges.
Start free. Upgrade when you need CI/CD enforcement and multi-account coverage.
Monthly
Annual
Save ~15%
Explore
$0
/month
Up to 1 cloud account, 50 SCPs/policies scanned
- 1 cloud account (AWS, Azure, or GCP)
- Control map: up to 50 policies
- Manual guardrail checks
- Docs access
- Community Slack
Most popular
Enforce
$390
/month
Up to 10 cloud accounts, unlimited policy scanning
- 10 cloud accounts (any mix of AWS/Azure/GCP)
- Unlimited policy and SCP scanning
- CI/CD pipeline guardrail gates
- IaC pre-deploy checks (Terraform + CloudFormation)
- Drift detection and alerting
- Slack + PagerDuty alerts
- Email support
Enterprise
Custom
Unlimited accounts, custom compliance mapping
- Unlimited cloud accounts
- Custom compliance framework mapping (SOC 2, NIST CSF, CIS)
- SIEM integration (Splunk, Datadog, Sentinel)
- Dedicated onboarding engineer
- SLA: 4-hour response
- SSO / SAML
- Self-hosted deployment option
FAQ
Questions we actually get
An AWS account, Azure subscription, or GCP project. Each connected resource counts as one account toward your tier limit. An AWS Organization with 50 member accounts counts as 50 accounts.
No credit card required for the Explore tier. You can connect one cloud account and run a full control scan without entering payment information. Upgrade to Enforce when you're ready to add CI/CD enforcement.
You add a single step to your pipeline that submits the Terraform plan JSON to the Native Security API. The API evaluates the proposed resource changes against your org's effective policy set and returns a PASS or FAIL with violation details. A FAIL fails the workflow step and halts the deploy. Average evaluation time is under 2 seconds for 100 resources.
Yes. Native Security supports AWS, Azure, and GCP independently. You can connect any one cloud and get full value — the multi-cloud drift detection feature activates when you connect two or more clouds.
Available on Enterprise. The Native Security policy engine is packaged as a container that runs in your own infrastructure. API calls go to your deployment, not our cloud. Particularly relevant for government, defense, or heavily-regulated industries where data residency requirements prohibit third-party SaaS for cloud API credentials.
More than 10 accounts, or need self-hosted?
Tell us about your account count, cloud mix, and whether you need the policy engine running in your own infrastructure. We'll respond with what Enterprise actually looks like for your situation.