Traceable pricing
What middleBrick covers
- Public and authenticated API scanning without code access
- Black-box testing with under one minute of scan time
- OWASP API Top 10 mapping and compliance evidence support
- Read-only methods, with private and metadata endpoints blocked
- Custom domain verification for credentialed scans
- Deletable data and a strict no-model-training policy
Traceable pricing transparency
Traceable does not publish a public price list for its scanning service. Its cost is not quoted as a per-seat, per-scan, or per-API rate; instead, each deployment triggers a custom quote. Factors that typically influence a Traceable quote include the number of endpoints to be tested, the required compliance mappings, the desired scan frequency, and whether continuous monitoring or on-demand scanning is requested. Receiving a formal proposal that details expected monthly or annual costs requires contacting Traceable's sales or engineering team.
What middleBrick provides in contrast
middleBrick offers a clearly defined pricing structure that removes the need for custom quotes. Plans are organized as tiers with explicit limits and capabilities. The Free tier allows three scans per month with CLI access. The Starter tier, at 99 dollars per month, supports monitoring for up to 15 APIs, scheduled monthly scans, a web dashboard, email alerts, and the MCP Server. The Pro tier, at 499 dollars per month, covers 100 APIs, with additional APIs billed at 7 dollars each, and adds continuous monitoring, GitHub Action integration, scheduled rescans, diff detection, and compliance reporting. An Enterprise tier is available for larger programs, with pricing typically in the 2000 dollars per month range, and includes unlimited APIs, custom rules, SSO, and dedicated support.
Feature alignment across tiers
Each middleBrick tier aligns with specific security workflows. The Free tier provides basic scanning capability for individuals or teams validating a small number of APIs. The Starter tier is suitable for small to mid-sized programs that need scheduled scans, prioritized findings, and alerting. The Pro tier adds support for CI/CD gates, broader API coverage, and integration with collaboration tools such as Slack and Teams. The Enterprise tier is designed for organizations that require audit logs, SSO, custom rule configuration, and formal SLAs. Across all tiers, the platform emphasizes read-only scanning, deletable data, and a bounded scanning scope that avoids destructive tests.
Operational scope and limits
middleBrick focuses on black-box API security testing without requiring code access or SDK integration. Scan time is typically under one minute per submission. Supported methods are GET and HEAD by default, with text-only POST used for LLM probes. The platform maps findings to OWASP API Top 10 (2023), SOC 2 Type II, and PCI-DSS 4.0 using direct mapping language. It covers areas such as authentication bypass, IDOR, privilege escalation, input validation, data exposure, and LLM security probes. Organizations that need deeper testing, such as destructive payloads or extensive business logic analysis, will still require manual security engagements or additional tooling.
Compliance and data handling
middleBrick maintains a strict posture on data usage and retention. Customer scan data is deletable on demand and is purged within 30 days of cancellation. Scan data is never sold and is not used for model training. The platform blocks requests to private IP addresses, localhost, and cloud metadata endpoints at multiple layers. For authenticated scans, domain verification is enforced through DNS TXT records or HTTP well-known files, and credential use is limited to approved headers. These controls help organizations collect audit-relevant evidence while reducing the risk associated with external scanning.
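The three controls named above (blocking private, loopback and metadata destinations; proving domain ownership through a DNS TXT record or a well-known file; restricting which headers may carry credentials) are the pre-flight checks any hosted scanner needs before it sends a single request. The following is an added example written for this page, not middleBrick's own code: the blocked address ranges, the hostname list, the `middlebrick-verification=` TXT prefix, the `/.well-known/middlebrick-verification.txt` path, and the approved header set are all assumptions chosen for illustration. The resolver and HTTP fetcher are injected so the checks run offline against constructed data.

```python
"""Pre-flight checks a hosted API scanner can apply before contacting a target.

Added example; record formats, paths and constants are assumptions, not the
vendor's implementation.
"""
import hmac
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# Address space an external scanner must never reach: loopback, RFC 1918, CGNAT,
# link-local (which contains the 169.254.169.254 cloud metadata address), multicast.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]
# Constructed list of hostnames that never denote a customer API.
BLOCKED_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal", "instance-data"}
# Verification formats assumed for this example.
TXT_PREFIX = "middlebrick-verification="
WELL_KNOWN_PATH = "/.well-known/middlebrick-verification.txt"
APPROVED_CREDENTIAL_HEADERS = {"authorization", "x-api-key", "cookie"}


def address_is_blocked(ip: str) -> bool:
    """True if the literal IP lies in a blocked range; IPv4-mapped IPv6 is unwrapped
    so ::ffff:127.0.0.1 cannot slip past an IPv4-only list."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _system_resolve(host: str) -> List[str]:
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_scan_target(url: str, resolve: Callable[[str], List[str]] = _system_resolve) -> Tuple[bool, str]:
    """Layer 1: refuse a target URL before any connection is opened.

    Every resolved address is checked, so a name that answers with one public and
    one private address is refused. The HTTP client must additionally pin the
    address it connects to (not re-resolve), or a DNS-rebinding window remains.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "only http(s) URLs with a hostname are accepted"
    host = parts.hostname.lower().rstrip(".")
    if host in BLOCKED_HOSTNAMES or host.endswith(".localhost"):
        return False, f"hostname {host} is blocked"
    try:
        addrs = [host] if _is_ip_literal(host) else resolve(host)
    except socket.gaierror:
        return False, f"hostname {host} does not resolve"
    if not addrs:
        return False, f"hostname {host} returned no addresses"
    for ip in addrs:
        if address_is_blocked(ip):
            return False, f"{host} resolves to blocked address {ip}"
    return True, "ok"


def verify_domain_dns(expected_token: str, txt_records: Iterable[str]) -> bool:
    """Layer 2a: the customer proves control of the domain via a TXT record.
    Constant-time comparison so a timing side channel cannot leak the token."""
    found = False
    for rec in txt_records:
        rec = rec.strip().strip('"')
        if rec.startswith(TXT_PREFIX):
            candidate = rec[len(TXT_PREFIX):].encode()
            if hmac.compare_digest(candidate, expected_token.encode()):
                found = True
    return found


def verify_domain_http(domain: str, expected_token: str, fetch: Callable[[str], Optional[str]]) -> bool:
    """Layer 2b: or by serving the token from the well-known path over HTTPS."""
    body = fetch(f"https://{domain}{WELL_KNOWN_PATH}")
    return body is not None and hmac.compare_digest(body.strip().encode(), expected_token.encode())


def filter_credential_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Layer 3: only approved header names may carry customer-supplied credentials."""
    return {k: v for k, v in headers.items() if k.lower() in APPROVED_CREDENTIAL_HEADERS}


if __name__ == "__main__":
    # Constructed resolver: one clean API host and one that also answers with a private address.
    fake_dns = {"api.example.com": ["203.0.113.10"], "rebind.example.com": ["203.0.113.10", "10.0.0.5"]}
    for u in ("https://api.example.com/v1", "http://169.254.169.254/", "https://rebind.example.com/"):
        print(u, check_scan_target(u, resolve=lambda h: fake_dns.get(h, [])))
```

In production the resolver default talks to the system DNS, which is what a customer-facing deployment would use; the injected resolver and fetcher exist so the same checks can be unit-tested and so audit evidence for the "blocked at multiple layers" claim can be produced without network access.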