Simple dependency firewall pricing.No seats. No usage limits.
Choose Cloud for SaaS or Enterprise for custom deployment. Users, package requests and bandwidth do not affect price.
Cloud
Cloud-hosted dependency firewall.
1 x package firewall endpoint included
- SaaS only
- Unlimited users and no usage-based limits
- Vulnerability and malware blocking
- Package delay for new releases
- EU data residency and standard support
A firewall endpoint is one ecosystem ruleset and upstream configuration.
Book a demoEnterprise
Custom deployment, support and commercial terms.
Custom firewall footprint
All Cloud capabilities, plus:
- Managed Cloud, BYO Cloud or On-Premise deployment
- Custom firewall endpoint footprint (Package firewall and Container firewall endpoints)
- SSO/OIDC and SIEM export
- SLA and premium support scoped to contract
Cloud add-ons
Add only what you need as your firewall footprint grows.
Optional
Additional firewall endpoints
Add endpoints as teams, environments or ecosystems grow.
SSO/OIDC
Connect your identity provider for centralized authentication.
Container image firewall
Extend firewalling to OCI/container image workflows.
Included in every plan
Compare Cloud and Enterprise
Compare where each plan runs, how teams sign in, and which controls and support terms are available.
Supported ecosystems
Key capabilities
Vulnerability blocking
Block packages with known CVEs before install. Filter by CVSS and EPSS severity.
Vulnerability blocking
Block packages with known CVEs before install. Filter by CVSS and EPSS severity.
- Block by CVSS severity threshold, configurable per registry
- Filter by EPSS exploit probability
- New advisories take effect immediately, no manual updates
- Separate thresholds per firewall or team
- Time-limited exceptions with approval audit trail
Malware blocking
Stop malicious packages before they reach developers or pipelines.
Malware blocking
Stop malicious packages before they reach developers or pipelines.
- Known malware blocked for npm, Maven, PyPI, NuGet, Go and Containers
- Publish scanning for malware, secrets and sensitive data before reaching upstream
Safety delay
Hold newly published versions for a configurable window to close the zero-day gap.
Safety delay
Hold newly published versions for a configurable window to close the zero-day gap.
- Configurable hold window per registry or ecosystem
- Latest safe version served automatically during the hold
- Override with a time-limited exception when needed
License policy enforcement
Block packages with disallowed licenses before they land in a build.
License policy enforcement
Block packages with disallowed licenses before they land in a build.
- Allowlist or blocklist by license type
- Applies at install across all teams and pipelines
- Time-limited exceptions with audit records
Frequently asked questions
What counts as a firewall?
What is included in Cloud?
How are additional Cloud firewalls priced?
Are users, package requests and bandwidth really unlimited?
When should we choose Enterprise?
Which package ecosystems are supported?
Can we deploy on-premise or in our own cloud?
Is SSO/OIDC included?
Is there a trial or proof of concept available?
How does the firewall fit with our existing registries?
See it in your environment
We'll walk through how Dependency Firewall fits into your setup in a 30-minute session.