CodeTitan

§ 01 Pricing

The engine is free. The memory is the product.

The Action and the CLI run the full engine on your runner. Free forever. No quota, no seat count, no signup. What costs money is the cloud: the layer that keeps your team's run history and makes the repo's memory shared. During the beta, that is free too.


§ 02 Plans

Three tiers. The number is published so you can plan.

Tier 01 · Free
$0 · free forever · on your runner

The whole engine.

  • The full deterministic engine · 266 JS/TS rules
  • Cross-file taint analysis (source → sink)
  • Supply-chain & SCA · secret detection
  • PR Risk Score on every pull request
  • Per-repo learned profile, in your repo (.codetitan/)
  • SARIF + SBOM export (CycloneDX · SPDX)
  • No quota · no seat count · no signup
RUNS ON YOUR RUNNER · NO ACCOUNT
Tier 02 · Team
$0 during beta · $79 / month flat after the beta

Free while the beta runs. Annual $790, two months free.

The memory, shared.

  • Everything in Free
  • Cloud dashboard · run history across the team
  • Usage analytics
  • Team accounts · owner / admin / developer / viewer
  • Shareable report links
  • Managed AI false-positive filter (roadmap)
  • Up to 10 repos · unlimited contributors
  • Email support
FLAT · NO PER-SEAT MATH
Tier 03 · Enterprise
Custom · annual contract

The contract.

  • Everything in Team
  • Annual contract · volume discount · invoicing
  • Dedicated point of contact
  • Priority support with a custom SLA
  • SSO / SAML 2.0 (roadmap)
  • RBAC · audit logs · compliance snapshots (roadmap)
  • On-premise / air-gapped deployment (roadmap)
CUSTOM CONTRACT

Items marked (roadmap) are not live yet. We list them so you know what we are building and can tell us what to prioritize. The Team price is published now so you can plan. Beta teams get notice and a founding rate before any price turns on.


§ 03 Why flat

No per-seat math.

Most tools in this category meter the bill per committer. Anyone who pushed to a private repo in the last ninety days counts as a seat, and the invoice moves when your team does. CodeTitan Team is one flat number. Bring every contributor. And the scanner never meters at all: it is free on your runner, with no quota to outgrow.

Fig 01 · How this category charges
  • Per committer · Most security scanners. Anyone who pushed in the last 90 days is billed.
  • Per line of code · Platform suites. The bill tracks the size of your codebase.
  • Per review · Newer AI reviewers. The bill tracks your PR volume.
  • Flat · CodeTitan Team. $79 a month. The whole team, every contributor.

§ 04 The memory

What the cloud actually adds.

The profile is yours. The cloud makes it shared.

Every dismissal and every applied fix teaches the engine your repo's conventions. That profile lives in .codetitan/, inside the repo. It is yours. It travels with the git history, and it works on the free tier forever. The cloud is where the team sees it together: run history, the dashboard, links you can hand a reviewer. That is the part you will pay for. Not the scanner.

Fig 02 · Where the memory lives
In the repo · Free, forever
  • Learned profile (.codetitan/)
  • Dismissal replay
  • PR Risk Score
  • SARIF + SBOM artifacts
In the cloud · Team
  • Run history across the team
  • Usage analytics
  • Team accounts & roles
  • Shareable report links
  • Managed AI FP filter (roadmap)

§ 05 FAQ

Nothing, during the beta. The GitHub Action and the CLI run on your own machine or CI runner and stay free forever. The cloud features are free while we work with early teams. When the beta ends, the Team tier turns on at $79 a month, flat. The Action and the CLI are not going behind a paywall.

The cloud. Shared run history, the team dashboard, shareable report links, and the managed AI false-positive filter when it lands. The scanner itself stays free on your runner. If you only ever use the Action and the CLI, you never pay.

There is no catch, and there is a reason. The engine runs on your runner, so a free scan costs us nothing. Cloud-first scanners pay compute for every scan they give away, which is why their free tiers are capped. Ours is not.

No. Drop the GitHub Action into any repo and the next PR is reviewed — no account. Or run the CLI locally: `npx @noalia/codetitan analyze .`. You only create an account if you want the cloud: the shared dashboard and run history.

The full deterministic engine: 266 JS/TS rules across security, AI-drift, and code quality, plus cross-file taint analysis (source → sink tracing). SARIF output for the GitHub Security tab. SBOM export in CycloneDX and SPDX formats. PR comments with severity-tagged findings. A per-repo `.codetitan/learned-profile.json` that suppresses findings you have repeatedly dismissed. All of it runs on your runner.
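What a repo-local "dismissal replay" amounts to, as an added illustration of the learned-profile idea described in § 04 and in the answer above. This is not CodeTitan's code and not the real layout of `.codetitan/learned-profile.json`: the profile shape, the fingerprint scheme, the dismissal threshold, the rule ids and the sample findings are all assumptions made for this example. The point it makes is the one a reviewer should care about: suppression is keyed to the rule plus the flagged code, not to a line number, and the top severity is never learned away.

```javascript
// Added example, not CodeTitan's code. A minimal "dismissal replay" filter:
// findings dismissed at least `threshold` times are suppressed on later runs.
// Profile layout, fingerprint scheme, threshold and rule ids are assumptions.

// Small non-cryptographic hash so the example has no imports. A real profile
// would use SHA-256; here a collision would only merge two fingerprints.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Fingerprint on rule id + file + normalized flagged line, NOT on line number:
// the suppression survives unrelated edits that shift lines, but a new
// occurrence of the same rule on different code is not suppressed.
function fingerprint(finding) {
  const norm = finding.snippet.replace(/\s+/g, " ").trim();
  return fnv1a(`${finding.ruleId}\n${finding.file}\n${norm}`);
}

function emptyProfile() {
  return { version: 1, dismissals: {} };
}

// Called when a developer dismisses a finding; mutates and returns the profile.
function recordDismissal(profile, finding) {
  const fp = fingerprint(finding);
  const entry = profile.dismissals[fp] ?? { ruleId: finding.ruleId, count: 0 };
  entry.count += 1;
  profile.dismissals[fp] = entry;
  return profile;
}

// Replay the profile over a fresh run. Severities in `neverSuppress` are always
// kept, so a repeatedly dismissed critical cannot quietly vanish from a PR.
function replay(profile, findings, { threshold = 2, neverSuppress = ["critical"] } = {}) {
  const kept = [];
  const suppressed = [];
  for (const f of findings) {
    const entry = profile.dismissals[fingerprint(f)];
    const learned = entry !== undefined && entry.count >= threshold;
    if (learned && !neverSuppress.includes(f.severity)) suppressed.push(f);
    else kept.push(f);
  }
  return { kept, suppressed };
}

// Constructed sample findings (hypothetical rule ids, paths and snippets).
const evalInTest = {
  ruleId: "no-eval", severity: "medium", file: "test/fixtures.js", line: 12,
  snippet: "eval(fixture.body)", message: "eval() on non-literal input",
};
const evalInHandler = {
  ruleId: "no-eval", severity: "medium", file: "src/handler.js", line: 40,
  snippet: "eval(req.body.expr)", message: "eval() on non-literal input",
};
const hardcodedKey = {
  ruleId: "secret-api-key", severity: "critical", file: "src/config.js", line: 3,
  snippet: "const key = 'hard-coded-key-placeholder'", message: "possible hard-coded key",
};

function demo() {
  const profile = emptyProfile();
  recordDismissal(profile, evalInTest);   // dismissed once: still shown
  recordDismissal(profile, evalInTest);   // dismissed twice: learned
  recordDismissal(profile, hardcodedKey);
  recordDismissal(profile, hardcodedKey); // learned, but critical is never suppressed
  // The test file was edited above line 12, so the same code now sits on line 15.
  const rerun = [{ ...evalInTest, line: 15 }, evalInHandler, hardcodedKey];
  return replay(profile, rerun);
}
```

Two practical consequences follow from the profile living in the repo. A pull request that touches `.codetitan/` is a change to what the scanner will hide on every later run, so it deserves the same review as any other security-relevant diff. And because the fingerprint is tied to the flagged code rather than a line number, `demo()` suppresses the moved test-fixture `eval` while still reporting the `eval` in `src/handler.js` and the critical hard-coded key.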

The Action and CLI run the analysis engine entirely inside your own GitHub runner or your own machine. Findings are posted back to your PR. Nothing is sent to our servers unless you opt into a cloud feature. That is the core difference from cloud-first scanners that require connecting your repos to their platform.

Yes. We are working with a small set of design partners right now, and there is a founding rate for teams that join during the beta. Ask us.

JavaScript and TypeScript today — that is where AI-generated code volume and the security gaps your ESLint config misses both concentrate. Other languages are on the roadmap; see the roadmap page for the honest current state of each.

The CLI runs locally today (`npm install -g @noalia/codetitan`), so the analysis itself already runs entirely in your environment. A managed self-hosted / air-gapped deployment is on the Enterprise roadmap — contact us to scope it.

The Action and CLI keep your code in your environment: there is no cloud analysis surface receiving source code. If you opt into the cloud (--upload or --share), what we receive is a findings report: severities, messages, and the flagged lines, not your repository. Note that the flagged lines are the source lines themselves, so a report that contains a secret-detection finding should be treated as sensitive before it is shared. Reports are never used for model training. We have not yet started a SOC 2 Type II observation; see the Compliance page for the current honest posture.


§ 06 Begin

Add it to a repo. Free.

Drop the Action in, or run the CLI locally. No account, no quota, no card. The next pull request is already reviewed.