Simple dependency firewall pricing.No seats. No usage limits.

Choose Cloud for SaaS or Enterprise for custom deployment. Users, package requests and bandwidth do not affect price.

Recommended

Cloud

Cloud-hosted dependency firewall.

€299/month

1 x package firewall endpoint included

  • SaaS only
  • Unlimited users and no usage-based limits
  • Vulnerability and malware blocking
  • Package delay for new releases
  • EU data residency and standard support

A firewall endpoint is one ecosystem ruleset and upstream configuration.

Book a demo

Enterprise

Custom deployment, support and commercial terms.

Custom

Custom firewall footprint

All Cloud capabilities, plus:

  • Managed Cloud, BYO Cloud or On-Premise deployment
  • Custom firewall endpoint footprint (Package firewall and Container firewall endpoints)
  • SSO/OIDC and SIEM export
  • SLA and premium support scoped to contract

Cloud add-ons

Add only what you need as your firewall footprint grows.

Optional

Additional firewall endpoints

Add endpoints as teams, environments or ecosystems grow.

€99 / endpoint / month

SSO/OIDC

Connect your identity provider for centralized authentication.

€129 / month

Container image firewall

Extend firewalling to OCI/container image workflows.

Included in every plan

Unlimited users
No usage-based limits
All ecosystems
Vulnerability blocking
Malware blocking
Package delay
License policy
Audit logs

Compare Cloud and Enterprise

Compare where each plan runs, how teams sign in, and which controls and support terms are available.

Deployment and environment
Cloud
Enterprise
Deployment option
SaaS only
Managed Cloud, BYO Cloud or On-Premise
Data residency and hosting
EU-hosted
EU, private cloud or customer environment
Firewall endpoint model
1 endpoint included, add more as needed
Custom endpoint footprint
Additional endpoint pricing
€99 / endpoint / month
Volume pricing
Identity, access and coverage
Cloud
Enterprise
User sign-in
Google, Microsoft and GitHub
Scoped to contract
SSO/OIDC
Add-on, €129 / month
Scoped to contract
Role-based access control
Included
Scoped to access model
Audit export
Audit logs included
SIEM export as needed
Container image firewall
Add-on
Scoped to contract
Support and commercial terms
Cloud
Enterprise
Support level
Standard support
Premium support
SLA
Not included
Scoped to contract
Commercial terms
Standard monthly pricing
Custom contract and deployment terms

Supported ecosystems

npmnpm
MavenMaven
PyPIPyPI
NuGetNuGet
GoGo
OCIOCI
DockerDocker

Key capabilities

Vulnerability blocking

Block packages with known CVEs before install. Filter by CVSS and EPSS severity.

  • Block by CVSS severity threshold, configurable per registry
  • Filter by EPSS exploit probability
  • New advisories take effect immediately, no manual updates
  • Separate thresholds per firewall or team
  • Time-limited exceptions with approval audit trail

Malware blocking

Stop malicious packages before they reach developers or pipelines.

  • Known malware blocked for npm, Maven, PyPI, NuGet, Go and Containers
  • Publish scanning for malware, secrets and sensitive data before reaching upstream

Safety delay

Hold newly published versions for a configurable window to close the zero-day gap.

  • Configurable hold window per registry or ecosystem
  • Latest safe version served automatically during the hold
  • Override with a time-limited exception when needed

License policy enforcement

Block packages with disallowed licenses before they land in a build.

  • Allowlist or blocklist by license type
  • Applies at install across all teams and pipelines
  • Time-limited exceptions with audit records

Frequently asked questions

What counts as a firewall?
A firewall endpoint is one ecosystem ruleset and upstream configuration. One npm policy in front of one upstream is one endpoint. One Maven policy in front of another upstream is a second endpoint. You can also run multiple npm endpoints with different rules for separate teams, applications or environments.
What is included in Cloud?
Cloud includes one SaaS dependency firewall endpoint with full rule definition capabilities to block malicious, vulnerable and unwanted packages. Additional endpoints can be added as your firewall footprint grows. All supported ecosystems, EU data residency, standard support and login with Google, Microsoft or GitHub are included. Users, package requests and bandwidth are unlimited.
How are additional Cloud firewalls priced?
Cloud includes one dependency firewall endpoint. Additional Cloud endpoints are priced per endpoint, so cost stays tied to policy endpoints, not developers or packages.
Are users, package requests and bandwidth really unlimited?
Yes. Cloud and Enterprise both include unlimited users, unlimited package requests and unlimited bandwidth. There are no per-seat fees, per-scan fees or usage-based overages.
When should we choose Enterprise?
Choose Enterprise when you need a custom firewall footprint, Managed Cloud, BYO Cloud, On-Premise deployment, Container image firewall, SSO/OIDC, SIEM export or premium support with an SLA scoped into the contract.
Which package ecosystems are supported?
Dependency Firewall supports npm, Maven, PyPI, NuGet, Go and OCI. npm, Maven, PyPI, NuGet and Go are included on both Cloud and Enterprise. Container image firewall is available as a Cloud add-on and is scoped separately on Enterprise.
Can we deploy on-premise or in our own cloud?
Yes. Managed Cloud, BYO Cloud and On-Premise deployment options are available on Enterprise. Cloud is SaaS only.
Is SSO/OIDC included?
Cloud and Enterprise both include Google, Microsoft and GitHub login. For centralized user management and connecting your own identity provider, SSO/OIDC is available as a Cloud add-on and is scoped into Enterprise when needed.
Is there a trial or proof of concept available?
Yes. Book a demo and we can scope a proof of concept for your package ecosystems and pipeline setup.
How does the firewall fit with our existing registries?
Dependency Firewall sits in front of your existing package registries. No migration needed. It works with standard package managers including npm, bun, yarn, mvn, pip and nuget. Redirect your package manager config to the firewall endpoint and your upstream registries stay unchanged.

See it in your environment

We'll walk through how Dependency Firewall fits into your setup in a 30-minute session.

Book a demo