AI Summary
About
Socket is a developer-first software supply-chain security platform. It scans open-source dependencies, packages, GitHub Actions, browser/IDE extensions, and AI models for malware, vulnerabilities, license risk, and “hidden behavior” — install scripts, network access, obfuscated code — that traditional vulnerability scanners miss. Its core differentiator is reachability analysis: rather than alerting on every CVE in the dependency tree, Socket determines whether the vulnerable code path is actually reachable from the application, which it markets as cutting up to 90% of irrelevant CVEs at the Enterprise tier.
Socket serves individual maintainers through the Free tier all the way up to large enterprises, positioning itself against incumbents like Snyk and GitHub Advanced Security as well as newer supply-chain players. The product catalog is modular — Socket Open Source, Threat Intel, Certified Patches, Firewall, ExtensionGuard, and Socket Basics (SAST / Secrets / Container) are each individually purchasable, though all products a customer buys must sit on the same plan tier.
Socket has scaled fast. It raised a $20M Series A led by Andreessen Horowitz in August 2023, a $40M Series B led by Abstract Ventures in October 2024, and a $60M Series C led by Thrive Capital at a $1 billion valuation in May 2026 — bringing total funding to roughly $125M. The company reports growing from 7,500 organizations at the Series B to more than 27,000 by the Series C, protecting around 1.5M repositories and blocking 10,000+ supply-chain attacks per week, with customers including Anthropic, xAI, Replit, Cursor, Vercel, and Figma. It made two acquisitions in twelve months: Coana (April 2025), which brought the reachability-analysis engine, and Secure Annex (April 2026), which extended coverage into browser, IDE, and AI-tool extensions. Exact ARR and headcount were not confirmable from the company’s own surfaces at capture time (the live pricing page sits behind a Cloudflare bot wall) and are left as unknown rather than estimated.
Pricing summary : per-developer seat pricing across four security tiers
Socket uses a per-developer seat-based subscription with four tiers and one modular wrinkle:
- Seat tier: Free ($0), Team ($25/developer/mo), Business ($50/developer/mo), and custom Enterprise. The billed unit is a developer — defined as anyone who made a commit to a Socket-scanned repository in the last 90 days — not every named user, so inactive contributors do not count.
- Usage caps as tier gates: Scans (1,000/mo Free → 5,000/mo Team → unlimited Business), members (3 → 10 → unlimited), repository labels, and API quota step up by tier rather than being separately metered. There is no per-scan overage; you upgrade the tier to lift the cap.
- Modular product purchasing: Socket’s products (Open Source, Threat Intel, Certified Patches, Firewall, ExtensionGuard, Basics SAST/Secrets/Container) can be bought individually, but all must share the same plan tier — so “plan price varies per product.”
- Annual discount: Up to 20% off on Team and Business with yearly billing; Enterprise adds volume discounts, manual invoicing, and ACH/Wire.
What makes this different: the 90-day-active definition of a billable developer ties the seat count to genuine repository activity, sidestepping the common complaint that per-seat security tools charge for dormant accounts — while reachability analysis is the real value lever pulling teams from Free to Team and above. It sits in the gray zone between pure seats and metering covered in our guide to usage-based pricing models.
Pricing by product
Socket platform (self-serve plans)
| Tier | Price | Included | Key mechanics |
|---|---|---|---|
| Free | $0 | Unlimited developers & repos; 1,000 scans/mo; 3 members; 1 repo label; 70+ risk types; malware blocking; AI dependency analysis | Generous on-ramp for individual maintainers and small teams |
| Team | $25 /developer/mo | Everything in Free, plus: 5,000 scans/mo; 10 members; 3 repo labels; reachability analysis (cuts 60% of CVE false positives); priority scoring; Slack alerts | Self-serve; the value upgrade where reachability appears |
| Business | $50 /developer/mo | Everything in Team, plus: unlimited members, scans & API quota; compliance integrations (e.g. Vanta); SBOM import/export; SSO/SAML & webhooks; scan GitHub Actions and AI models | “No sales call required” — full self-serve enterprise feel |
Socket platform (sales-assisted plan)
| Tier | Price | Included | Key mechanics |
|---|---|---|---|
| Enterprise | Custom | Everything in Business, plus: full application function-level reachability (cuts up to 90% of irrelevant CVEs); GitLab/Bitbucket/Azure DevOps & self-hosted; SCIM provisioning, audit logs, IP restrictions; private Slack channel, migration help, named account manager | Request trial or buy on GCP Marketplace; volume discounts, manual invoicing, ACH/Wire |
Sales motions across products: PLG / self-serve for Free, Team, and Business (all purchasable online); sales-led for Enterprise (request trial, custom quote, GCP Marketplace).
Modular products (individually purchasable within one tier)
Socket’s catalog is sold as discrete modules, each gated by the same four-tier ladder; “plan price varies per product” and all products a customer buys must share one tier:
| Product | What it covers |
|---|---|
| Socket Open Source | Dependency scanning across 10+ languages, malware/CVE/license detection, autofix |
| Socket Threat Intel | Attack-campaign tracking, threat-feed items, threat-feed API |
| Socket Certified Patches | One-click CVE fixes, automatic patch PRs, human-reviewed continuous patches |
| Socket Firewall | Blocks malicious packages at install time; 4 ecosystems; self-hosted or client/server; Enterprise adds proxy/registry modes |
| Socket ExtensionGuard | Scans browser and IDE extensions |
| Socket Basics — SAST | Static analysis, unlimited scans, 10+ languages |
| Socket Basics — Secrets | 800+ secret detectors, pre-commit & pre-receive hooks |
| Socket Basics — Container | Container scanning, public container registries |
Free-tier quantities for the metered dimensions: 1,000 scans/mo, 500 API quota per hour, 1 API token, 1,000 dependencies tracked, 14-day scan retention, Threat Intel limited to 2 attack campaigns / 30 threat-feed items, Firewall to 4 supported ecosystems.
Hidden costs : what a growing engineering team actually pays
The advertised $25 and $50 per-developer headlines understate what a real engineering organization pays, because the billed unit is every developer who committed in the last 90 days — and because the tier you actually need is driven by feature gates (SSO, compliance, unlimited scans), not by how many seats you provision. Two worked examples follow; both assume the full 20% annual discount, which the pricing page advertises only as “up to 20%”, so treat the discounted totals as a best case.
Archetype 1 — a 40-engineer org that needs SSO and compliance
A 40-person engineering team has, say, 35 developers who committed to a Socket-scanned repo in the last 90 days. They need SSO/SAML and Vanta compliance integration, which only appear on Business — so the tier choice is forced by features, not headcount.
| Line item | Monthly cost |
|---|---|
| Business — 35 active developers × $50/developer/mo | $1,750 |
| Annual prepay discount (−20%, effective monthly) | −$350 |
| Effective monthly total (billed annually) | $1,400 |
The lesson: the per-developer rate is the small number; the real driver is that compliance and SSO sit on the $50 tier, so a mid-size org pays Business rates the moment security review demands SAML — there is no cheaper SSO add-on.
Archetype 2 — a 12-person startup on Team
A 12-engineer startup with 10 active committers stays on Team because it only needs reachability and Slack alerts, not SSO.
| Line item | Monthly cost |
|---|---|
| Team — 10 active developers × $25/developer/mo | $250 |
| Annual prepay discount (−20%, effective monthly) | −$50 |
| Effective monthly total (billed annually) | $200 |
Here the 90-day-active rule genuinely helps: if 2 of the 12 engineers stopped committing (left, or moved to non-code roles), they drop off the bill automatically — no seat reclamation ticket required.
Want to estimate your own Socket bill? Use the Socket pricing calculator to model your monthly cost based on active-developer count, tier, and annual vs. monthly billing.
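The two archetypes above can be reproduced from your own git history. The script below is an added example for this page, not Socket's own code or API: it applies the pricing page's definition of a billable developer (anyone who committed to a scanned repository in the prior 90 days) to `git log` output, deduplicates authors by e-mail, and prices the result at the page's list rates and 20% annual discount. It also carries the prorated-change rule from the Billing UX section. The pricing page does not say whether automation accounts that commit are excluded, so the optional `ignore` set is an assumption; the log lines, e-mail addresses and reference date are constructed.

```python
"""Estimate a Socket-style per-developer bill from git history.

Added example for this page, not Socket's code. Assumptions are marked.
Feed it the output of, across every scanned repository:
    git log --all --format='%H|%ae|%aI' --since='90 days ago'
"""
from datetime import datetime, timedelta, timezone

# List prices from the pricing page (USD per developer per month); Enterprise is custom.
LIST_PRICE = {"free": 0, "team": 25, "business": 50}
ANNUAL_DISCOUNT = 0.20          # page says "up to 20%"; the full rate is assumed here
ACTIVE_WINDOW_DAYS = 90         # the page's billable-developer window

# Constructed sample of `git log --format='%H|%ae|%aI'` lines (not real commits).
SAMPLE_LOG = """\
a1f|alice@example.com|2026-05-30T09:12:00+00:00
b2e|bob@example.com|2026-04-02T17:45:00+00:00
c3d|carol@example.com|2026-02-01T08:00:00+00:00
d4c|dependabot[bot]@example.com|2026-05-28T03:00:00+00:00
e5b|Alice@Example.com|2026-03-20T12:00:00+00:00
""".splitlines()
AS_OF = datetime(2026, 6, 8, tzinfo=timezone.utc)   # constructed reference date


def parse_git_log(lines):
    """Parse 'sha|author-email|iso-date' lines into (sha, email, datetime) tuples.
    E-mails are lower-cased so the same author with different casing is one developer."""
    commits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        sha, email, when = line.split("|", 2)
        commits.append((sha, email.lower(), datetime.fromisoformat(when)))
    return commits


def active_developers(commits, as_of, ignore=frozenset()):
    """Distinct author e-mails with at least one commit in the trailing 90-day window.
    `ignore` (assumption: e.g. bot accounts) is applied after lower-casing."""
    cutoff = as_of - timedelta(days=ACTIVE_WINDOW_DAYS)
    return {email for _, email, when in commits
            if cutoff < when <= as_of and email not in ignore}


def monthly_bill(active_count, tier, annual=False):
    """Effective monthly cost for `active_count` billable developers on `tier`."""
    rate = LIST_PRICE[tier]
    if annual:
        rate *= (1 - ANNUAL_DISCOUNT)
    return round(active_count * rate, 2)


def proration_for_change(old_monthly, new_monthly, days_left, cycle_days):
    """Charge (positive) or credit (negative) for a plan change made with
    `days_left` of a `cycle_days` billing cycle remaining, following the page's
    description that changes are prorated by the fraction of the cycle left."""
    return round((new_monthly - old_monthly) * (days_left / cycle_days), 2)


if __name__ == "__main__":
    commits = parse_git_log(SAMPLE_LOG)
    devs = active_developers(commits, AS_OF, ignore={"dependabot[bot]@example.com"})
    print("active developers:", sorted(devs))
    print("Team, annual:", monthly_bill(len(devs), "team", annual=True))
    # The page's two archetypes:
    print("Archetype 1 (35 devs, Business, annual):", monthly_bill(35, "business", annual=True))
    print("Archetype 2 (10 devs, Team, annual):", monthly_bill(10, "team", annual=True))
    print("Upgrade Team->Business for 10 devs mid-cycle:", proration_for_change(250, 500, 15, 30))
```

The count is the thing to sanity-check before a renewal: contributors whose last commit is older than 90 days (carol in the sample) drop out, while a bot that commits (dependabot in the sample) stays in unless you have confirmed with the vendor that it is excluded.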
Pricing evolution : from dependency scanning to a modular security platform
Cadence
| Quarter | Price changes | Product / SKU additions | Notes |
|---|---|---|---|
| 2022 Q3 | 1 | 0 | First public pricing: Free + Team $40/developer/mo + Contact-Us Enterprise; npm-only. |
| 2023 Q1 | 1 | 1 | Team repriced to $10/mo annual ($12 m2m); Enterprise → Custom; Python support added. |
| 2023 Q2 | 1 | 1 | Team raised to $20/mo annual ($25 m2m); Socket AI (ChatGPT threat analysis) launched. |
| 2023 Q4 | 1 | 0 | Post-$20M Series A (a16z): reset to Free / Team $8 / Enterprise+Business Custom. |
| 2025 Q2 | 0 | 1 | Coana acquired (2025-04-23) → reachability analysis; Team still $8. |
| 2025 Q3 | 1 | 0 | Team doubled $8 → $16/developer/mo. |
| 2025 Q4 | 2 | 4 | Launch Week four-tier repackage: Free / Team $25 / Business $50 / Enterprise Custom; modular Open Source, Firewall, ExtensionGuard, Basics; Socket Firewall Enterprise shipped. |
| 2026 Q2 | 0 | 1 | Secure Annex acquired (2026-04-28) → extension security; $60M Series C at $1B valuation (2026-05-20); prices stable. |
Tracked range: 2022-09–2026-05. Quarters not listed above were verified stable (0 price changes, 0 SKU additions) against monthly Wayback snapshots; the live page is Cloudflare-walled, so 2026 Q1–Q2 list prices were confirmed against the 2026-05 archived render.
Notable changes
- 2022-09 — Launch pricing set Team at $40/developer/mo; the platform was npm-only and the Free tier supported teams up to 20 members.
- 2023-08-01 — Socket announced a $20M Series A led by Andreessen Horowitz (TechCrunch); shortly after, Team list price settled at $8/developer/mo.
- 2024-10 — $40M Series B led by Abstract Ventures (with Elad Gil and a16z); list prices held.
- 2025-04-23 — Socket acquired Coana, the reachability-analysis engine, which became the headline differentiator and the upsell justifying later price increases (GlobeNewswire).
- 2025-07 — Team doubled from $8 to $16/developer/mo.
- 2025-11 — Launch Week: the three-tier model was repackaged into four tiers (Free / Team $25 / Business $50 / Enterprise), the catalog became modular, and Socket Firewall Enterprise launched.
- 2026-04-28 — Socket acquired Secure Annex to add browser/IDE/AI-tool extension security (BankInfoSecurity).
- 2026-05-20 — $60M Series C at a $1B valuation led by Thrive Capital; total funding ~$125M (SecurityWeek).
The steady climb in detail
Socket’s Team tier is one of the corpus’s clearest examples of a pricing ratchet timed to capability. It launched high at $40/developer/mo in 2022 when the product was a thin npm scanner, was cut to $10 in early 2023, briefly rose to $20, and then settled at $8 after the a16z Series A, trading price for adoption while the platform was still maturing. Once Coana brought reachability analysis (the feature that actually changes a buyer’s CVE workload), Socket raised in two steps: $8 → $16 in mid-2025, then $16 → $25 at the late-2025 four-tier repackage that also introduced a $50 Business tier. The pattern is deliberate: discount to win the open-source and startup base, then re-price upward as the product moves from “nice-to-have scanner” to “compliance-grade platform” — a sequence that echoes the broader shift away from flat per-user licenses toward value-aligned pricing.
What’s unique : reachability analysis and active-developer metering
1. Billing on 90-day-active developers, not provisioned seats. Socket defines a billable “developer” as anyone who committed to a scanned repository in the prior 90 days, so the seat count auto-tracks real engineering activity. This sidesteps the most common per-seat security-tool complaint — paying for dormant accounts, contractors who rolled off, or service accounts that never commit — without the customer filing seat-reclamation tickets. Whether automation accounts that do commit (dependency-update bots, for example) are excluded is not stated on the pricing page, so a buyer should confirm that before modeling the bill. It is a quietly usage-flavored twist on a seat-based model: the meter is commits, even though the price is per developer.
2. Reachability analysis as the upsell lever, not a checkbox. Most SCA tools alert on every CVE in the dependency tree; Socket’s Coana-derived reachability engine determines whether the vulnerable code path is actually reachable, marketed as cutting 60% of false positives on Team and up to 90% at Enterprise. Crucially, reachability is the feature gate that justifies the Team and Enterprise price steps — Socket is pricing the reduction in human triage work, which is the real cost a security team carries, rather than the scan itself.
3. Modular catalog, single shared tier. Open Source, Threat Intel, Certified Patches, Firewall, ExtensionGuard, and Basics (SAST/Secrets/Container) are each individually purchasable, but every product a customer buys must sit on the same plan tier (“plan price varies per product”). This lets Socket sell a narrow entry product (just Firewall, say) while structurally encouraging consolidation onto one tier — a packaging choice that keeps the per-developer rate as the anchor even as the surface area expands into browser extensions and AI models.
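What reachability filtering means in practice, as an added illustration for this page (not Socket’s or Coana’s code, and not a description of their engine): build a call graph from application entry points into dependency functions, then keep only the advisories whose vulnerable function is on some path from an entry point. The call graph, package names and vulnerable functions below are constructed; package-level SCA would flag every advisory in a package that is present at all, which is the baseline the page’s “60%” and “90%” reductions are measured against.

```python
"""Call-graph reachability over a dependency tree (constructed illustration)."""
from collections import deque

# Constructed call graph: caller -> callees. "app.*" is the application's own code;
# the other prefixes are third-party packages it depends on.
CALL_GRAPH = {
    "app.main":            ["app.handle_upload", "app.render"],
    "app.handle_upload":   ["tar_lib.extract", "log_lib.info"],
    "app.render":          ["tmpl_lib.render_safe"],
    "tar_lib.extract":     ["tar_lib.normalize_path"],
    "tmpl_lib.render_safe": ["tmpl_lib.escape"],
    "tmpl_lib.render_unsafe": ["tmpl_lib.eval_expr"],   # shipped in the package, never called
    "log_lib.info":        [],
    "log_lib.lookup":      ["log_lib.jndi_resolve"],     # shipped in the package, never called
}

# Constructed advisories keyed by the vulnerable function (descriptions, not real IDs).
VULNERABLE = {
    "tar_lib.normalize_path": "path traversal during archive extraction",
    "tmpl_lib.eval_expr":     "template expression injection",
    "log_lib.jndi_resolve":   "remote lookup during log formatting",
}

ENTRY_POINTS = ["app.main"]


def package_of(fn):
    """'tar_lib.extract' -> 'tar_lib'."""
    return fn.split(".", 1)[0]


def reachable_from(graph, entry_points):
    """Breadth-first walk of the call graph; returns every function on some path
    from an entry point. Unknown callees are treated as leaves."""
    seen = set()
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        if fn in seen:
            continue
        seen.add(fn)
        queue.extend(graph.get(fn, []))
    return seen


def packages_in_tree(graph):
    """Every package that appears anywhere in the call graph (the SCA 'dependency set')."""
    names = set(graph)
    for callees in graph.values():
        names.update(callees)
    return {package_of(fn) for fn in names}


def triage(graph, vulnerable, entry_points):
    """Return (package_level_findings, reachable_findings) as sets of function names.
    package_level is what a scanner alerting on every advisory in a present package reports;
    reachable is what survives reachability filtering."""
    present = packages_in_tree(graph)
    package_level = {fn for fn in vulnerable if package_of(fn) in present}
    reached = reachable_from(graph, entry_points)
    reachable = {fn for fn in package_level if fn in reached}
    return package_level, reachable


if __name__ == "__main__":
    package_level, reachable = triage(CALL_GRAPH, VULNERABLE, ENTRY_POINTS)
    print(f"package-level findings: {len(package_level)}")
    print(f"reachable findings:     {len(reachable)}")
    for fn in sorted(reachable):
        print(f"  actionable: {fn} ({VULNERABLE[fn]})")
    for fn in sorted(package_level - reachable):
        print(f"  suppressed: {fn} ({VULNERABLE[fn]})")
```

In the constructed graph all three vulnerable packages are present, so package-level scanning reports three findings, but only the archive path-traversal function is on a path from `app.main`; the other two are suppressed. The general caveat a practitioner should keep in mind with any static reachability approach is that indirect calls (reflection, dynamic dispatch, `eval`-style loading, plugin registries) can hide an edge from the call graph, so a suppressed finding means “no path found”, not “proven unreachable”.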
Strengths & weaknesses
| Strengths | Weaknesses |
|---|---|
| 90-day-active metering means customers don’t pay for dormant seats — a genuine fairness edge over rivals | Team list price more than tripled ($8 → $16 → $25) within about five months of 2025; buyers who anchored on the long-running $8 price feel the jump |
| Genuinely generous Free tier (unlimited devs/repos, malware blocking, AI analysis) drives bottom-up adoption | “Plan price varies per product” plus modular catalog makes the true bill hard to estimate without a quote |
| Reachability analysis is a real, defensible differentiator that ties price to triage-time saved | SSO/SAML and compliance integrations are gated to the $50 Business tier — no cheaper SSO add-on for mid-market |
| Transparent self-serve pricing up to Business (“no sales call required”) is rare in security tooling | Live pricing page is behind a Cloudflare bot wall, hurting transparency for researchers and AI search engines |
| Strong brand from a high-traffic research blog that repeatedly tops Hacker News during supply-chain incidents | Enterprise is fully opaque (Custom only); no public anchor for function-level reachability pricing |
Billing UX : 90-day active-developer metering and prorated plan changes
- Monthly / Yearly toggle — the pricing page switches all paid tiers between monthly and annual billing, with the annual option labeled “save up to 20%.”
- 90-day active-developer metering — billable developers are auto-counted as anyone who committed to a Socket-scanned repository in the past 90 days, so the seat count tracks real activity rather than provisioned accounts.
- Prorated plan changes — upgrading or downgrading charges or credits the account based on the percentage of the billing cycle remaining at the time of the change, mirroring how adding/removing users works.
- Self-serve cancellation with grace — customers can downgrade or cancel anytime; paid features remain until the paid period ends, after which the account drops to the Free plan.
- Stripe-processed cards on every plan; ACH/Wire and manual invoicing on Enterprise — all major credit/debit cards are accepted on all tiers (processed by Stripe), with ACH/Wire and manual invoicing reserved for Enterprise.
- GCP Marketplace purchase path — Enterprise can be bought through the Google Cloud Marketplace, letting buyers draw down committed cloud spend.
Strategic wins : why the per-developer security playbook works
1. The 90-day-active developer is a smarter value metric than the seat
By billing only developers who actually committed in the last 90 days, Socket picked a value metric that aligns its price with the customer’s real exposure surface — every active committer is a potential attack vector — while removing the friction of seat audits. It reads as fairer than a flat per-seat license, yet it is far more predictable and finance-friendly than pure consumption metering. This is a model other companies moving off per-user licensing should study: it captures usage signal without exposing the buyer to bill-shock.
2. Free tier as a distribution engine, paid tiers gated by capability
Socket’s Free plan is unusually generous — unlimited developers and repos, malware blocking, AI dependency analysis — which seeds the tool across the open-source ecosystem where supply-chain risk actually originates. The paid steps are then gated by capability that reduces work (reachability, compliance, SSO), not by artificially throttled core scanning. That separation — free for visibility, paid for triage reduction and governance — is a textbook freemium-to-value-metric ladder.
3. Acquisitions feeding the pricing ladder
Coana (reachability) and Secure Annex (extension security) were not just feature buys — each unlocked a defensible reason to raise or extend pricing. Reachability justified the $8 → $25 Team climb; extension/AI-tool coverage broadens the modular catalog the platform can cross-sell. Tying M&A directly to packaging means each acquisition arrives with a built-in monetization path rather than as an orphaned feature.
Areas to improve : pricing transparency and metering edge cases
1. Make the live pricing page reachable
The pricing page sits behind a Cloudflare bot wall that returns a challenge interstitial to non-interactive clients, which means AI search engines, price aggregators, and researchers can’t read it — only a human in a full browser can. For a company whose own brand is built on transparency and developer trust, this is self-defeating. Fix: serve a static, crawlable pricing page (or a JSON-LD Offer block) to verified search and AI crawlers, the way the rest of the developer-tools corpus does.
2. Offer an SSO/compliance add-on below the Business tier
Today, SSO/SAML and compliance integrations (Vanta) jump straight to the $50 Business tier, so a 15-person startup that only needs SAML for a security review must double its per-developer rate. The well-documented “SSO tax” frustrates exactly the bottom-up buyers Socket courts with its Free tier. Fix: unbundle SSO as a flat per-org add-on on Team, decoupling identity governance from the unlimited-scans/compliance bundle.
3. Publish an Enterprise price anchor and a clearer modular estimator
“Custom” Enterprise plus “plan price varies per product” leaves buyers unable to model function-level reachability or a multi-module purchase without a sales call. Fix: publish a starting “from $X/developer/mo” Enterprise anchor and a self-serve estimator that shows how adding Firewall, ExtensionGuard, or Basics changes the per-developer rate — turning the modular catalog from a quoting friction into a transparent upsell.
Key takeaways
- An activity-gated seat is a low-friction way to add usage signal. Socket bills per developer but counts only 90-day-active committers, capturing real usage without the unpredictability of pure metering. Teams wanting a fairer seat model can borrow this without rebuilding billing around consumption.
- Price the work you remove, not the work you do. Socket’s price steps are gated by reachability analysis — the feature that cuts triage time — not by scan volume. Charging for the reduction in human toil reframes the value conversation away from raw compute.
- Discount to seed, then re-price as you mature. Socket cut Team from $40 to $8 to win adoption while thin, then climbed back to $25 once it had a defensible differentiator. The trajectory only works if you have a capability to justify the second move.
- A great free tier is a distribution channel, not lost revenue — if the gate is right. Socket gives away unlimited core scanning but gates triage-reduction and governance, so the Free tier spreads the brand where risk originates while paid value stays intact.
- Tie M&A to packaging. Each Socket acquisition (Coana, Secure Annex) arrived with an explicit monetization path — a price increase or a new sellable module — rather than as a feature with no business model attached.
UBP implications
- “Activity-gated seats” are a hybrid worth naming. Socket shows there’s a productive middle ground between flat seats and pure usage: a seat priced per unit but metered on real activity. Expect more security and developer-tools vendors to adopt this “active-X” billing, since it preserves seat predictability while quietly aligning to consumption.
- The billable unit can encode the value thesis. By defining the unit as a committing developer, Socket makes its meter (commits) match its risk model (every committer is an attack vector). UBP designers should choose units that are simultaneously the cost driver, the value driver, and the thing the buyer already counts.
- Transparency is a competitive surface, and walls undercut it. Socket’s bot-walled pricing page is a cautionary case: in an AI-search era, an unreadable price page forfeits citation and comparison visibility. Usage-based vendors that want to be the “first click” must keep their pricing machine-readable, not just human-visible.
Sources
- Socket pricing page — prices verified via the 2026-05-09 Wayback render because the live page is behind a Cloudflare bot wall (accessed 2026-06-08)
- Socket Firewall Enterprise docs (accessed 2026-06-08)
- Socket changelog (accessed 2026-06-08)
- Socket blog (accessed 2026-06-08)
Bottom line
Socket sells developer-first supply-chain security on a deceptively simple per-developer subscription — Free, Team $25, Business $50, Enterprise Custom — but the interesting mechanics are underneath: a billable “developer” is only someone who committed in the last 90 days, the price steps are gated by reachability analysis rather than scan volume, and the catalog is modular within a single shared tier. The Team price tripled from $8 to $25 in about five months of 2025 as Socket bought its way to a defensible differentiator and a $1B valuation, which makes it a clean case study in discounting to seed then re-pricing to capability. The one unforced error is a Cloudflare-walled pricing page that hides all of this from the very AI search engines that now shape buyer research.
Want to compare Socket against other developer-security and supply-chain pricing? Browse the pricing blueprint.
Pricing timeline : Major events on a vertical axis
Each milestone below corresponds to a public pricing change, product launch, or material adjustment, listed newest first.
Series C $60M at $1B valuation; pricing stable
After acquiring Secure Annex (2026-04-28) and raising a $60M Series C at a $1B valuation (2026-05-20, Thrive Capital), the four-tier per-developer model held: Free $0, Team $25, Business $50, Enterprise Custom.
Launch Week: four-tier repackage to Team $25 / Business $50
Socket restructured to Free / Team $25 / Business $50 / Enterprise Custom, introduced a modular product matrix (Open Source, Firewall, ExtensionGuard, Basics) and launched Socket Firewall Enterprise. Reachability became the headline Team upsell.
Team doubles to $16/developer/mo
The legacy three-tier model held but Team doubled from $8 to $16 per developer/mo — the first step in a steep climb ahead of the platform repackaging.
Coana acquisition brings reachability analysis
Socket acquired Sequoia-backed Coana (2025-04-23) to add static reachability analysis to SCA. Team still listed at $8/developer/mo at this point.
$40M Series B (Abstract Ventures); Team holds at $8
Socket announced a $40M Series B led by Abstract Ventures (with Elad Gil and a16z). List pricing was unchanged: Free / Team $8 per developer/mo / Enterprise+Business Custom.
$20M Series A (a16z); Team cut to $8/developer/mo
After the Aug 2023 $20M Series A led by Andreessen Horowitz, Socket reset to Free / Team $8 per developer/mo (up to 25 devs) / Enterprise+Business Custom, with a full feature-comparison matrix.
Team raised to $20/mo annual ($25 m2m); Socket AI launches
Team rose to $20/developer/mo annual ($25 month-to-month) and Socket AI (ChatGPT-powered threat analysis) shipped — the first AI dependency-analysis feature.
Team repriced to $10/mo (annual); Enterprise → Custom
Team dropped to $10/developer/mo billed annually ($12 month-to-month) and Enterprise moved to a Contact-Us custom quote. Python support added alongside JS/TS.
Early Team tier at $40/developer/mo
Socket's first public pricing was Free (open source, up to 20 members), a Team tier at $40/developer/mo ($400/yr), and a Contact-Us Enterprise tier. Pricing was npm-only at launch.
- Socket counts a 'developer' as anyone who made a commit to a scanned repo in the past 90 days — not every named seat, so dormant contributors do not inflate the bill.
- Socket's Team tier has been a price rollercoaster: $40/dev/mo at launch (2022), cut to $10 and briefly raised to $20 in 2023, reset to $8 after the a16z Series A, then climbed $8 → $16 → $25 across 2025 as the platform expanded.
- The Free tier allows unlimited developers and repos but caps usage at 1,000 scans/month and 3 members — a generous on-ramp for individual maintainers.
Questions & answers
- How much does Socket cost?
- Socket has four tiers billed per developer per month: Free ($0), Team ($25), Business ($50), and custom Enterprise. Annual billing saves up to 20% on Team and Business.
- How does Socket count developers for billing?
- A developer is anyone who made a commit to your organization's Socket-scanned repository in the past 90 days. Dormant contributors are not billed.
- Is there a free version of Socket?
- Yes. The Free plan is $0 and supports unlimited developers and repos, capped at 1,000 scans per month and 3 members, with malware detection and AI dependency analysis included.
- What do you get on the Business plan that Team doesn't have?
- Business ($50/developer/mo) adds unlimited members and scans, compliance integrations (e.g. Vanta), SBOM import/export, SSO/SAML, and scanning of GitHub Actions and AI models.
- Does Socket offer startup or open-source discounts?
- Yes. Socket offers special pricing for early-stage startups and free Team accounts for open-source projects — both via contacting their team.