Astra pricing

What middleBrick covers

  • Public rate cards for core tiers with clear limits
  • Three scans per month in the free tier
  • Incremental pricing for additional APIs in mid and high tiers
  • Dashboard and reporting in mid tier and above
  • Continuous monitoring and CI/CD integration in Pro and enterprise
  • Compliance reporting aligned to PCI-DSS 4.0, SOC 2 Type II, OWASP API Top 10 (2023)

Pricing model overview

The scanner operates on a subscription model with distinct tiers. Public rates are published for the core tiers, while higher tiers are quoted based on scope and controls. Factors that influence a quote include the number of APIs, required scan frequency, and the level of integration needed with existing tooling.

Free tier capabilities and limits

The free tier is designed for initial evaluation and small-scale use. It includes command-line interface (CLI) access and a capped scan volume. Key characteristics are:

  • Three scans per month
  • CLI access without dashboard features
  • No continuous monitoring or alerting
  • No integrated CI/CD gates

Organizations evaluating basic coverage can use this tier to validate findings on a limited set of endpoints before committing to a paid plan.

Starter and mid tier offerings

The mid tier increases scope for teams managing multiple APIs. Published rates provide a defined number of scans and APIs per month, with additional units priced incrementally. Included features are:

  • Dashboard for scan management and score trending
  • Email alerts for new findings
  • Monthly scheduled scans
  • MCP server for AI assisted tooling
  • Basic authenticated scanning for supported identity mechanisms

Organizations with a small-to-medium API footprint can standardize scanning cadence and track risk over time using the dashboard and reporting exports.

Pro and enterprise tiers for scale and integration

Higher tiers focus on continuous assurance and integration with development workflows. Published rates scale with the number of APIs, and additional units are available beyond the base allowance. Features at these tiers include:

  • Continuous monitoring with configurable rescan intervals
  • Diff detection across scans to track new and resolved findings
  • CI/CD integration with build failure gates
  • Slack and Teams alerting
  • Compliance reporting aligned to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023)
  • Signed webhooks for automated ticket or workflow integration

Enterprises requiring unlimited coverage, custom rules, and SLA guarantees can negotiate terms that include dedicated support and audit logs.

Factors that influence custom quotes

Some scenarios require a tailored quote rather than a published rate. Drivers for custom pricing include:

  • Large-scale deployments exceeding published API caps
  • High frequency scanning requirements
  • Advanced authentication setups or nonstandard identity protocols
  • Integration with multiple downstream systems or custom reporting formats
  • Add-ons such as compliance packs or extended data retention

Because the scanner is read-only and does not modify infrastructure, quotes reflect access, processing, and feature enablement rather than remediation effort.

Frequently Asked Questions

How many scans are included in the free tier?
The free tier includes three scans per month.

Does the starter tier support authenticated scans?
Yes, the starter tier supports authenticated scanning with Bearer, API key, Basic auth, and cookies, provided domain verification is completed.

Is there a per-API pricing model for higher tiers?
Higher tiers include a base number of APIs, with additional APIs available at an incremental rate.

Are compliance reports available in the Pro tier?
Yes, the Pro tier includes compliance reporting aligned to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023).

Can I negotiate custom pricing for very large deployments?
Custom quotes are available for large-scale deployments, high scan frequencies, or specialized integration requirements.