BrassCoders OSS Core vs Paid: When to Upgrade

All 12 scanners are free in the OSS core; Paid adds ranking, not detection. The honest line on when free is enough and when $12/dev/month pays off.

Copper Sun Brass Team · 4 min read
Tags: comparison, oss-core

Most tool vendors want you on the paid plan as fast as possible. Here’s the answer BrassCoders gives instead: start free, and upgrade only when you can name the reason. The OSS core finds every bug the paid plan finds. What you pay for is ranking, and ranking is only worth money once you have too many findings to read.

The Same Detection, a Different Output

BrassCoders runs the identical 12 scanners on a free install and a paid install, and they find the identical set of bugs. Nothing is gated behind the license. The split is entirely in what comes out: the free core’s heuristic deduplication takes a typical 1500+ raw findings down to roughly 300, and the Paid enrichment ranks those down to a focused 50-80.

So the decision isn’t about coverage. You are not trading away detection by staying free, and you are not buying extra detection by paying. How the Paid pass ranks and deduplicates is covered in “what the enrichment actually does”; this post is about which side of the line you’re on.

When the Free Core Is Enough

BrassCoders’s OSS core is the whole product for a large share of teams, and it’s free forever under Apache 2.0. If your scan’s deduplicated output — roughly 300 findings on a typical codebase — is something you and your AI assistant triage without strain, you’ve already got what you need. Paste the YAML into Claude Code or Cursor, work the list, ship.

A few situations point firmly at staying free: small and mid-size repos where the raw count is low to begin with, occasional rather than daily scanning, and solo or early-stage projects. Regulated and air-gapped environments belong here too — the OSS core makes zero outbound network calls, and --offline enforces it, so the free path is also the compliant one. The reproducible scan data behind these numbers is at coppersun.dev/benchmarks.

When Paid Earns Its $12

BrassCoders Paid earns its keep when 300 findings every scan is more than anyone will actually read, and the ranking to a focused 50-80 buys back more than $12 a month of attention. That’s the threshold: whether the volume is costing you triage time, not repo size in the abstract.

In practice that means a large codebase scanned daily through active feature work, where each scan otherwise dumps a few hundred findings a developer has to re-sort by hand. The arithmetic is unsentimental: if the relevance ranking saves a developer fifteen minutes a week, it has covered its cost several times over. If it doesn’t save you that, don’t pay for it.

The Honest Default: Start Free

BrassCoders treats the OSS core as enough for most users, and says so. The Paid plan is a way to support the project by getting real value from it, and the free tier isn’t crippled to push the upgrade. The right path for almost everyone is to install the OSS core, run it for a while, watch the output volume, and upgrade only when the noise becomes the bottleneck.

The switch is low-commitment in both directions. One license covers 3 machine activations, you can deactivate a machine to free a slot, and cancellation ends at the billing period with no pro-rate math to argue about. You’re never locked in, and the OSS core keeps scanning whether or not a license is active.

Try Both

Start with the free core; add the license only when the volume tells you to.

pipx install brasscoders
brasscoders --offline scan          # free: all 12 scanners, ~300 findings
brasscoders activate <license-key>  # Paid: ranks to a focused 50-80

The full pricing detail is on the pricing page, and the map of everything the scanners find — the part that’s free either way — is in “what BrassCoders detects”.

Frequently Asked Questions

Is the OSS core a limited trial?

No. The OSS core is the full detection product — all 12 scanners, no caps, Apache 2.0, free forever. It isn't a trial and it doesn't expire. Many teams run only the OSS core indefinitely. Paid adds a ranking pass on top; it doesn't gate detection.

When is the free OSS core enough?

When the raw scan output is already small enough to triage. Small and mid-size repos, occasional scans, and teams that hand the ~300 deduplicated findings straight to their AI assistant rarely need more. In a regulated or air-gapped environment, the OSS core's offline-only operation is itself the reason to stay on it.

When does Paid earn its $12?

When 300 findings every scan is more than you'll read, and ranking them to a focused 50-80 saves more than $12/month of attention. That's usually a large codebase scanned daily during active feature work. The math is plain: if the ranking saves 15 minutes a week, it has paid for itself.

What's identical between the two?

Detection. The same 12 scanners find the same bugs on a free install and a paid install. The difference is entirely in output: heuristic dedup to ~300 on the free core, semantic dedup and relevance ranking to 50-80 on Paid. No bug is hidden behind the paywall.

Can I switch back and forth?

Yes. Activate a license when a project's volume warrants it, deactivate when it doesn't — one license covers 3 machine activations, and cancellation ends at the billing period with no pro-rate. The OSS core keeps working regardless.