Pricing

Free OSS core for individuals and small projects. Team tier for orgs that want priority support and the advanced scanners. Both run entirely on your machine.

OSS core

$0 / forever

Everything in the open-source CLI. MIT-licensed; use commercially without restriction.

  • Every scanner: secrets, PII, code quality, AI anti-patterns, phantom imports
  • brassai filter noise-reduction post-processor
  • Watch mode for incremental scans on file change
  • YAML output designed for Claude Code / Cursor consumption
  • Offline-first; never phones home
  • Community support via GitHub Issues

Install via pipx

Recommended for teams

Team tier

$12 / developer / month

Everything in OSS, plus the things teams ask for. Cancel any time. 14-day trial — no card up front.

  • Everything in OSS core
  • Advanced scanners (deeper analysis, more languages, refreshed quarterly)
  • Priority email support — 1 business day SLA
  • License managed by LemonSqueezy — keys validate weekly, otherwise the CLI stays offline-first
  • Per-developer pricing; no minimum seats

Want early access? Email brass@coppersuncreative.com.

BYOK — Bring Your Own Key

Brass scans your code and produces YAML files. It does not call an LLM on your behalf, does not resell tokens, and does not mark up Anthropic's pricing.

When you hand the .brass/ai_instructions.yaml output to Claude Code, Cursor, Continue, or any other AI assistant, you're using your own API access — not ours. Your bill from Anthropic stays the same; your bill from us is just the Brass subscription.

This is a deliberate choice. Bundling LLM credits into a thin tooling layer is bad economics for everyone — the user pays a markup, the vendor takes margin risk on token-price changes, and nobody knows where the money is actually going. BYOK keeps the lines clean.

Pricing FAQ

Is the OSS core actually free for commercial use?

Yes. MIT license. Use it inside your company, fork it, embed it in CI, ship a derivative — all fine. Attribution preserved per the license; no usage caps.

What goes in "advanced scanners"?

Refreshed quarterly. The current plan: deeper SAST coverage (Semgrep ruleset integration), JS/TS taint analysis, and an extended secrets pack covering enterprise-only formats (Okta, ServiceNow, internal SSO tokens). The OSS core never loses features — Team tier is additive.

How does license verification work?

License keys are issued and tracked by LemonSqueezy (LS) via their License API. Activation is a single HTTPS call from your machine to LS; afterward the CLI re-validates at most once per week to pick up cancellations or refunds. The actual scanning workflow (brassai scan, watch, filter) makes zero outbound calls — only the three license-management commands talk to LS.

Per-developer pricing — is there a minimum?

No. One developer is fine; ten developers is fine. We don't punish small teams with a "five-seat minimum" that's really just a margin grab.

Refunds / cancellation?

Cancel any time from your billing portal; the subscription ends at the close of the current billing period. License keys remain valid through that period. We don't pro-rate on cancel because the OSS core is enough for most users — the Team tier is a "support yourself by supporting us" relationship, not a hostage situation.