One Product, One Price

 

Open source

Unlimited free code scanning for open-source projects

Free forever

$0

Polyglot code scanning as a service
  • Unlimited lines of code in public projects
  • Code quality and security scanning across 49 languages and frameworks
  • 100% cloud-based analysis via Git - zero hosting or pipeline integration required
Modern developer experience
  • Shift left and block PR merges with vulnerable, buggy, or untested code
  • Smart PR review assistant and one-click fix suggestions
  • Live PR scan results inside your IDE
Continuous code security
  • SAST scanning
  • Hardcoded secrets & password detection
  • Third-party dependency / SCA scanning
  • Infrastructure-as-code (IaC) misconfiguration detection
     

Pro

For modern teams shipping clean and secure code every day

Starting at $15 / $18 per dev/mth, billed yearly / monthly

← Everything in Open Source, plus:

Code compliance for commercial projects
  • Unlimited lines of code in up to 100 private projects, with fewer than 30 contributors
  • Manage code health, security and test coverage across multiple teams and projects

Advanced Security management
  • Real-time security and risk management monitor with remediation due date tracking
  • Live critical security alerts via Slack
  • Import external security findings and DAST reports

Business

For leading organizations with enterprise-level security and reporting requirements

Custom

 

← Everything in Pro, plus:

Full DevSecOps Intelligence at scale
  • Unlimited private projects
  • Daily vulnerability database updates with real-time monitoring across projects
  • Penetration testing (billed separately)
  • SBOM explorer (coming soon)
  • License scanning
  • Import external dependency scan results from your CI/CD
Enterprise-ready deployment
  • SOC2-certified cloud infrastructure
  • Custom API scripts for configuration and reporting at scale
  • Audit log for usage tracking
White-glove customer excellence
  • Dedicated Customer Success Manager (depending on contract value)
  • Premium technical support with screen sharing and video chat
  • Extended proof-of-value (trial) with dedicated support

Audit

One-off 360° compliance report for code quality and security audits.

Custom

 
Full overview of your compliance status with exportable reports, ready in minutes

  • SAST vulnerabilities
  • Hardcoded secrets
  • IaC misconfiguration
  • Software Composition Analysis (SCA)
  • SBOM report
  • DAST report upload
  • Dependency license checking
  • Human-led penetration testing
  • Unlimited retests included
  • White-glove customer service and priority technical support


Features included

Integration

| Feature | Open source | Pro | Business |
|---|---|---|---|
| Unlimited public cloud-based repositories | Yes | Yes | Yes |
| Private cloud-based repositories | No | Yes (up to 100 repos) | Yes |
| GitHub, Bitbucket and GitLab integration | Yes | Yes | Yes |
| IDE plugin for VSCode and JetBrains | Yes | Yes | Yes |
| Test coverage tracker and merge gates | Yes | Yes | Yes |

Code Scanning

| Feature | Open source | Pro | Business |
|---|---|---|---|
| 49 languages and frameworks supported | Yes | Yes | Yes |
| Real-time Commit & Pull Request scans | Yes | Yes | Yes |
| Pull Request merge gates | Yes | Yes | Yes |
| Smart PR review assistant | Yes | Yes | Yes |
| One-click fix suggestions | Yes | Yes | Yes |
| Smart configuration with over 12k scan rules | Yes | Yes | Yes |
| Custom scan rules | No | No | Yes |
| Prioritized analysis for faster results | No | No | Yes |

Security Scanning

| Feature | Open source | Pro | Business |
|---|---|---|---|
| SAST scanning | Yes | Yes | Yes |
| Hardcoded secrets & password detection | Yes | Yes | Yes |
| Infrastructure-as-code (IaC) misconfiguration detection | Yes | Yes | Yes |
| Dependency / SCA scans of new code changes | Yes | Yes | Yes |
| Daily SCA rescans across all code | No | No | Yes |
| Import DAST reports from your CI/CD | No | Yes | Yes |
| Penetration testing (billed separately) | No | No | Yes |
| License scanning (coming soon) | No | No | Yes |

Vulnerability and Risk Management

| Feature | Open source | Pro | Business |
|---|---|---|---|
| Central Security and Risk Management Dashboard | No | Yes | Yes |
| Remediation due date tracker | No | Yes | Yes |
| Import 3rd party security findings via JIRA | No | Yes | Yes |
| Live critical security alerts via Slack | No | Yes | Yes |
| Upload external dependency scan results from your CI/CD post-build (coming soon) | No | No | Yes |
| SBOM explorer (coming soon) | No | No | Yes |

Reporting

| Feature | Open source | Pro | Business |
|---|---|---|---|
| Access to Codacy API | Yes | Yes | Yes |
| Management report across teams and projects | No | Yes | Yes |
| Real-time security and risk monitor | No | Yes | Yes |
| Live critical security alerts via Slack | No | Yes | Yes |
| Custom API scripts for reporting | No | No | Yes |

Enterprise Compliance

| Feature | Open source | Pro | Business |
|---|---|---|---|
| SOC2-certified cloud infrastructure | Yes | Yes | Yes |
| Static IP for allowlisting Codacy (billed separately) | No | Yes | Yes |
| Audit log (via API) | No | No | Yes |
| Session timeout | No | No | Yes |
| Access control checks | No | No | Yes |
| Service Level Agreement (SLA) | No | No | Yes |

Customer Experience

| Feature | Open source | Pro | Business |
|---|---|---|---|
| Priority support via email & chat | No | Yes | Yes |
| Premium support via screen sharing and video chat | No | No | Yes |
| Dedicated Customer Success Manager | No | No | Yes |
| Tailored user and admin training | No | No | Yes |
| Custom configuration support | No | No | Yes |
| Extended proof-of-value (trial) | No | No | Yes |

FAQs

How does Codacy work?

Codacy is the easiest way for engineering teams to maintain a clean and secure codebase without any pipeline integrations, ready to go with a few clicks:

  1. Log in with your GitHub, Bitbucket or GitLab account to add your organization or workspace (requires org admin permissions).
  2. Add your repositories with the click of a button. Codacy scans the entire codebase for quality and security violations within minutes. Easily browse all findings, and tackle the most critical risks before they cause damage.
  3. As the codebase evolves, every new Pull/Merge Request is scanned in real time, catching new quality and security violations before they get merged, built and released.

On top of code scanning, Codacy tracks test coverage results across files and Pull Requests, preventing untested critical code from being merged.

Why does Codacy not require any CI/CD pipeline integration for code scanning?

Codacy's code scanning as a service allows businesses to reduce the burden of hosting and maintaining complex, dynamic and costly pipeline integrations while ensuring full quality and security coverage across all projects and languages.

As a 100% cloud-based GitHub, Bitbucket and GitLab app, Codacy uses webhooks to keep track of all code changes in real time and performs all scans on its own AWS infrastructure. It also updates coding conventions and scan rules for you, so that your scans keep up with industry trends and evolving programming languages.

For more details on how Codacy keeps your source code safe, see here.

What sort of quality issues can Codacy detect?

Codacy scans source code in 49 languages for a range of common violations, including error-prone code, performance problems, complex code, duplications and code style deviations. Learn more about issue categories here.

What sort of security issues does Codacy detect?

Codacy detects a wide range of security vulnerability types through a curated collection of analysis tools built into the Codacy platform:

  • Static Application Security Testing (SAST)
  • Hardcoded Secrets and Passwords
  • Infrastructure-as-code (IaC scanning)
  • Software Composition Analysis (SCA) / Dependency checks
  • Dynamic Application Security Testing (DAST)
  • Penetration Testing (manual testing via Bulletproof)
  • License scanning (coming soon)

Learn more about security categories here.

Does Codacy support projects versioned on self-hosted GitHub, GitLab or Bitbucket?

No, Codacy currently does not support projects hosted on any on-premise Git deployments.

The supported Git providers are GitHub Cloud, Bitbucket Cloud, and GitLab Cloud.

Does Codacy support projects versioned on Azure Repos?

No, Codacy currently does not support integrations with projects hosted on Azure Repos.

The supported Git providers are GitHub Cloud, Bitbucket Cloud, and GitLab Cloud.

Does Codacy support my programming language?

Codacy supports 49 popular programming languages and frameworks across back-end, front-end, infrastructure-as-code, mobile code, and everything in between. See a full list of supported languages here.

Can I use Codacy locally in my IDE?

Yes, Codacy provides plugins for JetBrains IDEs and VSCode (requires GitHub, Bitbucket or GitLab integration on codacy.com).

The Codacy plugin shows all scan results and fix suggestions for every open Pull Request right inside the IDE for more seamless code reviews, faster remediation, and to help avoid context switching.

While real-time scanning within the IDE (outside the Pull Request flow) is not supported yet, make sure to stay tuned for a major update to our IDE plugin in 2025! 🤫

Is my code secure?

As we provide cloud solutions for leading enterprises around the world, keeping our customers' data protected at all times is the highest of all priorities. Codacy has implemented bulletproof cloud security measures in accordance with the latest industry standards, and is SOC2-certified.

For details on Codacy's security measures, visit https://security.codacy.com.

Is my personal data secure?

Codacy is compliant with the General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data.

For any further questions about personal data privacy, contact us at security@codacy.com.

 

What is the right plan for me?

Open Source (free): For individuals and teams working exclusively on public projects.

Pro: For individuals and teams of up to 30 contributors working on up to 100 private projects.

Business: For engineering organizations with more than 30 contributors or more than 100 private projects, as well as teams with advanced security, reporting, and support requirements (see comparison table above).

 

How does Codacy count user seats?

Codacy requires a seat for every Git contributor who commits code changes to a private repo added to Codacy. Typically, the required number of seats reflects the total size of the development team.

What is a 14-day trial?

Simply sign up with your Git provider (no credit card required), and enjoy full access to the Codacy platform for 14 days, free of charge.

After the trial period, you can upgrade to a paid plan to continue using Codacy with private repositories, or keep scanning your public repositories for free on the Open Source plan.

Which payment methods do you accept?

Codacy accepts credit cards by Visa, Mastercard, American Express, and Discover. Wire transfers and ACH are accepted only for annual Pro and Business plans.

If your preferred payment method is not supported, please contact us at billing@codacy.com.

Can I change or cancel my plan anytime?

Yes, you can change or cancel your plan at any time. If you choose to cancel your annual subscription before the conclusion of the 12 months, your account will continue to work for the remainder of the annual billing period.