Orca Doubles Prices By Adding IaC

When Orca Security added Code and Infrastructure-as-Code capabilities to its core offering, the company was able to double subscription prices.

This shows that Orca was not just adding features; it was moving from a runtime cloud security tool into a broader security budget with a much higher ceiling. Core Orca starts with read-only cloud scanning after infrastructure is already running. Code and IaC pull Orca earlier into the workflow, where developers scan Terraform, Kubernetes YAML, containers, and source code before deployment, so the product covers more teams and more of the security lifecycle.

  • Orca already prices by the amount of cloud infrastructure a customer protects, with entry pricing starting around $50,000 annually and expansion tied to more workloads and added modules like CIEM, Kubernetes security, and secrets management. Adding code and IaC gives sales teams a concrete reason to raise contract value, not just seat count or workload count.
  • The product change is concrete. Orca added Shift Left Security with a dashboard, CLI, pull request scanning, and policy controls for container images and IaC templates, then expanded that positioning into code security with SCA, secrets detection, and IaC security. That lets one vendor cover both cloud assets in production and the files that created them.
  • This pricing pattern has a close analog in Snyk. After Snyk added code analysis and infrastructure as code to its earlier open source and container bundle, its Team and Business subscription prices roughly doubled. In security software, bundling adjacent workflows often lifts pricing because buyers prefer fewer tools, fewer dashboards, and one policy layer across code and cloud.

The next step is straightforward. As Orca adds orchestration, remediation, and code fix workflows, it can keep turning a cloud scanning purchase into a larger platform contract. In this market, the winning vendors are the ones that start with a simple deployment, then steadily absorb neighboring security jobs before another tool gets there first.