Pricing by Team Footprint
DryRun Security
This pricing model is built to turn a repo-level install into an organization-level contract. Charging by team footprint means revenue grows when more developers, AppSec engineers, and security leaders rely on the product, not when customers run more scans. That fits DryRun’s workflow, where value comes from being embedded in pull requests, policy writing, and risk review across the engineering org, rather than from raw scan volume alone.
- Seat-based or contributor-based pricing is common in developer security tools because it tracks the number of people whose daily workflow changes. Semgrep charges per contributor, and GitHub Code Security charges per active committer, which shows buyers are used to paying for the size of the engineering population being covered.
- Not charging by repository removes a tax on broad rollout. A company can connect many repos, use PR review widely, and add DeepScan or Risk Register later without renegotiating around every new codebase. That makes expansion easier in large engineering orgs with many small services and frequent repo creation.
- The important difference is that DryRun prices around stakeholder breadth, not just scanner access. The product starts with developers in pull requests, then adds policy authors in AppSec and visibility tools for leaders. As more functions inside the company depend on it, contract value can rise even if scan counts stay flat.
The next step is pricing more explicitly around becoming an AppSec control plane for the whole engineering org. If DryRun keeps adding leader-level and policy-management workflows, footprint-based pricing will support larger renewals and make it harder for simpler per-repo scanners to compete on value, even when those rivals look cheaper at first glance.