Pricing

Pricing That Scales with Your Team

Start free — no credit card required. IDE extension, MCP server, and Git hooks are unlimited at every tier. Upgrade as your compliance framework needs grow.

Free
$0
Forever free
Get started with AI governance
Individual developers. IDE extension, MCP server, and Git hooks are unlimited. PR Gate (50 evaluations/month). Upgrade to Pro for unlimited evaluations.

OWASP Top 10 (2021) + CWE Top 25 (2024)
VS Code IDE extension (unlimited)
AI policy injection (MCP server, unlimited)
Git hooks (pre-commit validation, unlimited)
PR Gate (50 evaluations/month, resets monthly)
Dashboard with evaluation history
Get Started Free
Team
$39
per seat / month
(min 5 seats)
Full-framework compliance
Organizations under regulatory scrutiny. SOC 2, HIPAA, EU AI Act, GDPR, PolicyMerge, OSCAL export.

Everything in Pro
SOC 2 Type II + HIPAA
EU AI Act + GDPR + OWASP ASVS L2
PolicyMerge full suite
SBOM generation (CycloneDX 1.5 + SPDX 2.3)
OSCAL v1.1.2 export
SSO / SAML / OIDC + SCIM v2
GRC integrations (Vanta, Drata, Hyperproof)
Start Free Trial
Business
$59
per seat / month
(min 10 seats)
Enterprise-grade governance
Large organizations requiring NIST 800-53, ISO 27001, SLSA, FedRAMP, StateRAMP with OSCAL webhook push.

Everything in Team
NIST SP 800-53 Rev 5
ISO 27001:2022 + SLSA v1.0
FedRAMP Moderate + StateRAMP
OSCAL webhook push
Immutable evidence artifacts (signed)
Multi-tenant RBAC + Team
Dedicated CSM + SLA
Contact Sales
Enterprise
Custom
PolicyMesh governance at enterprise scale
GovCloud deployment (FedRAMP High, IL4/IL5) is available as an Enterprise customization.

Everything in Business
DORA + NIS2 + Colorado AI Act
GovCloud deployment (FedRAMP High, IL4/IL5)
Custom detection rule development
White-label options
Dedicated government tenant
CAC/PIV authentication
Air-gapped deployment
Contact Sales
Annual billing saves approximately 15–17% vs. monthly pricing.

Full Feature Comparison

Feature | Free | Pro ($29/seat) | Team ($39/seat) | Business ($79/seat) | Enterprise (Custom)
Detection
Detection Rules: OWASP+CWE subset | Full library | Full + custom | Full + custom
Languages Supported: All | All | All | All
Semgrep (AST) Rules: OWASP+CWE | Full library | Full library | Full + custom
Regex Patterns: OWASP+CWE | Full library | Full library | Full + custom
Developer Integration
VS Code IDE extension
Git Hooks
AI Policy Injection (MCP)
PR Gate (server-side enforcement): 50 evals/mo | Unlimited | Unlimited | Unlimited
Compliance Frameworks
OWASP Top 10 + CWE Top 25
NIST SSDF + OWASP ASVS L1 + CIS + PCI-DSS
SOC 2 + HIPAA + EU AI Act + GDPR + ASVS L2
NIST 800-53 + ISO 27001 + SLSA + FedRAMP + StateRAMP
DORA + NIS2 + Colorado AI Act: ✓ (Ent+)
FedRAMP High + IL4/IL5: ✓ (GovCloud)
Compliance Features
PolicyMerge (multi-framework deconfliction): Full suite | Full + conflict detect | Full
SBOM Generation (CycloneDX 1.5 + SPDX 2.3)
OSCAL v1.1.2 Export (JSON/XML/YAML): ✓ (Business+)
OSCAL Webhook Push
Immutable Evidence Artifacts (cryptographic): ✓ Signed | ✓ Signed
PDF Compliance Reports + CSV Exports
Enterprise Features
SSO / SAML / OIDC + SCIM v2
RBAC + Team Management: ✓ Granular | ✓ Granular
GRC Integrations (Vanta, Drata, Hyperproof)
Multi-Tenant Support
API Access + Webhooks: Full API | Full API
Support
Support Level: Community | Priority + SLA | Dedicated CSM | Dedicated CSM + TAM
SLA: Standard | Custom | Custom

Frequently Asked Questions

Can I try MergeGuide before buying?
Yes. The Free tier gives you basic detection rules and IDE integration with no time limit. The Team and Business tiers include a free trial so you can evaluate with your team before committing.
What counts as a seat?
A seat is any active developer who uses MergeGuide within your organization during a billing period. Seats are billed monthly or annually.
What languages does MergeGuide support?
MergeGuide supports Go, Python, JavaScript, TypeScript, Java, C#, Ruby, PHP, Swift, Kotlin, Rust, C/C++, Terraform, and Dockerfile with both structural (Semgrep) and pattern-matching (regex) detection engines. See our documentation for the full detection catalog.
What is MCP AI integration?
MCP (Model Context Protocol) integration injects your organization's policies directly into AI coding assistants. Your AI knows your rules before it generates code — prevention, not just detection. Available on all tiers including Free — policy injection is a core feature, not a paid add-on.
What are evidence artifacts?
Every PR Gate evaluation generates an immutable, cryptographically signed record proving that code was validated against your policies. Artifacts are designed for auditors and retained to exceed every major framework's requirement.
Do you offer annual billing?
Yes. Annual billing saves approximately 15–17% compared to monthly pricing.
Which compliance frameworks are supported?
OWASP Top 10, CWE Top 25, NIST SSDF, OWASP ASVS, CIS Controls, PCI-DSS, SOC 2, HIPAA, EU AI Act, GDPR, NIST 800-53, ISO 27001, SLSA, FedRAMP, StateRAMP, NIS2, DORA, Colorado AI Act, and more. Enterprise tier adds DORA, NIS2, and Colorado AI Act. See the full feature comparison above for tier-by-tier availability.

Ready to get started?

Start free or book a demo to see the platform in action. No credit card required.
