Pricing

Free guards one machine. Paid runs the whole team's policy.

All 25 detection signals run on every tier — you never pay for more protection, only for the control plane that scales it across your team. Billed through Paddle with a 14-day money-back guarantee on every paid plan.

The CLI and policy engine are open source and auditablegithub.com/chain305/chainsaw-core.

Detection layer is not a tier

All 25 signals fire on Free, Pro, and Enterprise.

Tiers gate scale (storage, bandwidth, users), team integrations, and deployment shape (on-prem, air-gapped) — never the detection layer or your view of your own data. The free path is a local install guard: one command, no server, no proxy.

curl -fsSL https://chain305.com/install.sh | bash
chainsaw guard init --install

First run asks once whether to share anonymous usage + blocked-package data to improve detection (defaults to yes; decline anytime; never from CI). Change with chainsaw telemetry on|off — see the privacy policy.

Pricing

Simple plans that scale with your rollout

Start with the local guard — free, zero-infra. Upgrade to the hosted team control plane (with your SSO) when policy moves into production, and flip to Enterprise for on-prem, SIEM, or a negotiated contract.

Free

Guard one machine. Local, open source, all 25 signals.

$0 forever
  • Runs locally, no server
  • All 25 detection signals
  • No account required to start
  • Install the CLI in one command, every package manager
  • Blocks malicious + typosquatted packages at install, on your machine
  • chainsaw guard update pulls the full public OpenSSF malicious-packages set
  • Open source: github.com/chain305/chainsaw-core
  • First run asks once to share anonymous blocked-package data (defaults to yes, decline anytime; never from CI)

Hosted proxy free tier: 500 MB storage, 1 GB bandwidth, 3 seats.

Recommended

Pro

One central policy for the whole team — with your SSO.

$149 per month
  • 5 GB storage
  • 25 GB bandwidth (up + down)
  • 10 users
  • Everything in Free
  • SSO (SAML & OIDC) + SCIM provisioning
  • Central policy across the team, monitor → enforce rollout
  • Billy — policy copilot
  • Shared audit trails & advanced dashboards
  • Webhooks + priority email support

Extra data billed at $1.50 / GB.

Enterprise

Run it your way — on your infra, wired to your stack.

$1,199 per month
  • Unlimited storage
  • Unlimited bandwidth
  • Unlimited users
  • Everything in Pro (including SSO & SCIM)
  • On-prem / air-gapped deployment eligibility
  • SIEM export (Splunk, Sentinel, QRadar)
  • Ticketing integration (Jira)
  • 99.9% uptime SLA + dedicated onboarding

Platform & Integrations

Tier-gated capabilities. Volume limits above apply to every plan; the items below are boolean — either included in the tier or not.

Capability Free Pro Enterprise
Billy — policy copilot ·
Single sign-on (SAML & OIDC) ·
SCIM provisioning ·
On-premise / air-gapped deployment · ·
SIEM export · ·
Ticketing integration (Jira) · ·

Need something custom?

On-prem deployments, custom integrations, or volume pricing

Enterprise adds third-party integrations and on-prem eligibility. If you need bespoke deployment, air-gap, or a negotiated contract, jump on a 30-minute call.

Talk to sales

Billing handled by Paddle (merchant of record)

Paid plans are sold and billed through Paddle, who handles payment processing, tax, and invoices. We never see your card details. Every subscription is covered by a 14-day money-back guarantee — full refund within 14 days of your first upgrade, prorated refund for unused time thereafter.

FAQ

Pricing FAQ

What do I actually get on Pro?

One central policy enforced across your team's install path, SSO/SCIM, Billy the policy copilot, shared audit and dashboards, and webhooks. Free protects each machine locally; Pro protects the whole team's install path from one place.

Is there a per-developer seat fee?

No. Pricing is plan-based, not seat-based — usage is bounded by storage and bandwidth caps on the org as a whole. Add developers freely inside the plan's user count.

Is the Free plan really free forever?

Yes. Free is the local-first install guard — one command installs the CLI and blocks malicious and typosquatted packages at install time, on your machine, with all 25 signals. No account, no credit card; the hosted team control plane starts when you want central policy.

What happens if my team exceeds Pro limits?

Usage keeps working. Extra data is billed at $1.50 per GB on Pro, you see usage in the billing dashboard, and you get an in-app nudge at 80% of cap.

Are the supply-chain attack signals included on Pro?

Yes — all 25 signals fire on Free, Pro, and Enterprise. Tier gates apply only to enterprise integrations (SIEM streams, ticketing) and on-prem deployment, never to the detection layer. You never pay for more signals.

Can I see and export the SBOM and dependency inventory on Free?

Yes — reading and exporting your org's own SBOM and inventory (CycloneDX 1.6 + SPDX) is on every tier; it's your data. Pro and Enterprise extend snapshot retention and add advanced dashboards and audit-trail history.

Can I change plans at any time?

Yes. Upgrade or downgrade from the in-app billing page. Upgrades apply immediately; downgrades take effect at the end of the current billing period.

Are webhooks available on every plan?

Yes — webhooks are not paywalled; every tier can configure up to five per user for events like blocked installs. Only SIEM streams (Splunk HEC, Microsoft Sentinel, IBM QRadar) and ticketing integrations are Enterprise-only.

Does Chainsaw support on-prem or air-gapped deployments?

On-prem is Enterprise. The CLI can bake the server URL at build time so air-gapped users never see a public origin. Book a call for custom rollouts.

Which plan includes SSO?

SSO (SAML & OIDC) and SCIM provisioning are included on Pro and Enterprise — we don't gate SSO behind an enterprise-only jump. Password plus TOTP works on Free; invite-based role assignment applies on every tier.

Do you offer annual pricing or volume discounts?

Yes. Toggle annual on the pricing cards to save about two months versus monthly — billed yearly, self-serve. Contact sales for volume pricing above 50 users or negotiated terms.

What's the SLA on paid plans?

Pro includes business-day support. Enterprise includes a 99.9% uptime SLA and dedicated onboarding, detailed during custom-contract discussions.