← Back to Blog

Why Thuban Uses Flat-Rate Pricing (And Why That Terrifies the Incumbents)

Editor’s note (July 2026): Our pricing has evolved since this post — Thuban is now £29/mo (Pro), £99/mo (Team) and £299/mo (Enterprise). The argument below — radically cheaper than enterprise scanners — still stands.

July 2026 · 7 min read · The Thuban Team
Pricing

The short version

Thuban is an AI code verification scanner. It catches hallucinated APIs, security vulnerabilities, dead code, taint flows, and copy-paste clones across 10 languages. It has 69 detection rules, OWASP Top 10 compliance, a VS Code extension, an MCP server for AI agents, and a GitHub Action that auto-fixes your PRs.

It starts free with the full ruleset. Pro is £29 a month. £99 for your whole team of up to 10 developers. Not per seat. Not per scan. Not per repo. Flat.

Here’s why.

Your code never touches our servers

This is the part that changes everything.

When you run thuban scan ., the scanner runs on your machine. Your laptop. Your CI runner. Your dev server. The code never leaves. We never see it. We never store it. We never process it.

This means our cost to serve you is, effectively, zero.

No cloud compute per scan. No per-tenant infrastructure. No data pipeline ingesting your source code. No storage clusters. No egress fees. No SOC 2 audit for handling your data because we don’t handle your data.

Compare that to SonarQube Cloud, which runs analysis on their infrastructure, stores your results, maintains per-tenant isolation, and charges you $34/month per developer for the privilege. For a 50-person team, that’s $20,400 a year.

Our 50-person team plan costs $588 a year.

That’s 97% cheaper. Same protection.

We don’t have investors to repay

SonarSource has raised over $400 million in venture capital. Snyk has raised over $1 billion. That money doesn’t come free. It comes with growth targets, revenue expectations, and a price floor that has nothing to do with the cost of serving you and everything to do with the cost of servicing their cap table.

When you pay $34/month for SonarQube, you’re not paying for the scanner. You’re paying for the Geneva office, the Austin office, the 600-person headcount, the enterprise sales team, the account managers, the customer success managers, the solutions architects, and the return that their investors expect on $400 million.

We didn’t do any of that. So we don’t charge for any of that.

The structural trap

Here’s what makes this interesting from a business perspective.

The incumbents cannot respond to flat-rate pricing. It’s not that they don’t want to. It’s that they structurally can’t.

They can’t switch to flat-rate without cratering the per-seat revenue that funds their 600-person operation. SonarQube charging £99/month flat for a whole team instead of $34/month per dev would be a 97% revenue cut on team accounts. You can’t make that work when you’re paying Geneva office rent and honouring investor term sheets.

They can’t fire the sales team because enterprise sales is how they acquire customers at $34–$500/month price points. The sales cycle justifies the price, and the price funds the sales cycle. Remove either and the model collapses.

They can’t un-raise the venture capital. The money is spent. The expectations are set. The board wants 3–5x returns. You don’t get there by offering flat-rate pricing, no matter how many users you have.

They can’t run locally without rebuilding their entire architecture. Their product is designed around server-side analysis because that’s what justifies the recurring cloud subscription. Moving to a local-first CLI would eliminate the technical moat that props up their pricing.

They’re trapped by their own model. We’re not in that trap because we never entered it.

What you actually get

Let’s be specific, because “it’s cheap” means nothing if the product is thin.

69 detection rules across 7 categories:

10 languages: JavaScript, TypeScript, Python, Go, Rust, Ruby, Java, Kotlin, C#, PHP.

Integrations:

SonarQube charges extra for taint analysis (Enterprise only), clone detection (Enterprise only), and their remediation agent (paid add-on). We include everything. Free tier gets the full ruleset. Pro at £29/month adds Crucible and unlimited scans.

“But you’ll raise the price later”

Our early adopters are grandfathered at their current price for life. But even our new pricing is designed to stay flat. Here’s why.

Our costs don’t scale with your usage. The CLI runs on your machine. Whether you run 10 scans or 10,000 scans, it costs us the same: nothing. The dashboard is hosted on Vercel. The npm package is free to distribute. The VS Code extension is free to host on the marketplace. The GitHub Action runs on your CI minutes.

There is no cost pressure that would force us into per-seat pricing. The flat-rate model is a structural advantage — the incumbents can’t copy it without destroying their own revenue. That’s not a bug, it’s the whole point.

The real question

The question isn’t “why is Thuban flat-rate?” The question is “why does everyone else charge per seat?”

The answer is: because they have to. Because they raised hundreds of millions, hired hundreds of people, signed office leases, and built server-side architectures that cost real money to run per customer.

We didn’t do any of that. So we don’t charge for any of that.

We built a scanner that runs on your machine, catches things the others don’t (hallucinated APIs, dead code, clone clusters), maps to OWASP and CWE standards, and integrates with every tool in your workflow. And we charge flat-rate because we can.

The incumbents are terrified of this model, and they should be. Not because one flat-rate scanner is going to bankrupt them overnight. But because it proves the model works. And once it works for code scanning, it works for compliance. For monitoring. For secrets management. For every bloated SaaS tool that charges enterprise prices because of enterprise overhead, not enterprise value.

Flat-rate. Everything included.

No per-seat pricing. No enterprise upsells. No cloud lock-in. Your code stays on your machine.

Get started

Install Thuban and scan your codebase

npm install -g thuban

thuban scan .

Free: All 69 rules, unlimited local scans, CLI, VS Code extension, MCP server.

Pro: £29/month. Crucible deep verification, unlimited scans, priority rule updates.

Team: £99/month flat. Up to 10 developers. Not per seat.

Enterprise: £299/month. SSO, SLA, audit logs, compliance exports. No sales call.

thuban.dev · GitHub · npm

Thuban is built by a small team that believes developer tools should be priced for developers, not for procurement departments. We don’t have a sales team, so if you want to talk, just open an issue or email craig@thuban.dev.