Vornin
Scan. Resolve. Prove.

Vulnerability management pricing made easy.

Security scanning and compliance mapping fused on one EU-hosted platform.

  • 15 scanners, 9 frameworks
  • EU data residency
  • No credit card required
Free
€0 /month, forever
3 targets

Try every scanner on 3 targets. Free forever.

  • All 15 scanners
  • EU-hosted in Germany
  • AI-enriched findings (CVE/CVSS/EPSS/KEV)
  • 1 compliance framework preview
Team
€129 /month
5 targets

For solo IT and small teams running their own scans.

All Free features, plus

  • 5 scheduled scans
  • All 9 frameworks + attestation workflow
  • Tenant audit log
  • REST API access
  • AI triage
Scale
€699 /month
5 targets

For large international organisations with multi-cloud estates or regulated audits.

All Business features, plus

  • Unlimited scheduled scans
  • CI/CD build gates
  • White-label reports + branding
  • Dedicated scan worker
Need more targets? Use the slider to fit your needs.

A target is a hostname, IP, IP range, URL, or cloud account (AWS, Azure, GCP, Kubernetes). Volume discounts apply after 50 and 100 targets. Need more than 200? Type any number — the rate stays at €3/target (€2.40 annual).

Compare tiers

What's in each tier.

Free €0
Team €129
Business €299
Scale €699
Coverage
Scheduled scans
Hands-off scans on your cadence. Free runs manual only.
Free: Manual; Team: 5; Business: 15; Scale: Unlimited
AI triage and remediation guidance
Per-finding exploitability assessment, suppresses CVSS noise.
Attack surface management
Continuous attack surface monitor + per-asset risk score 0-100. Find what you forgot you owned. All tiers can run the subdomain scanner on demand; automatic daily monitoring requires Team+.
CVE / CVSS / EPSS / KEV enrichment
Every finding enriched with NVD lookup, exploit probability, and CISA known-exploited flag.
Reachability filter on dependency findings
Drops CVEs in code paths your app never imports. No more noise on transitive deps.
Compliance
EU compliance framework mapping
NIS2, DORA, ISO 27001, SOC 2, GDPR, HIPAA, PCI DSS, CIS Controls v8, NIST 800-53 mapped to your findings.
Free: 1 preview
Attestation workflow with evidence vault
Per-control sign-off, history, expiry reminders. Acts on the frameworks you see.
Auditor pack (tenant-wide compliance bundle PDF)
Hand the auditor a chain, not a folder of PDFs. No competing tool ships this.
Tamper-evidence chain (signed audit trail)
Cryptographic hash chain on every finding event. Survives forensic challenge.
Operations
PDF report export
Technical and executive PDFs per scan. Free is in-app only.
SARIF, SBOM, and CSV exports
SARIF v2.1.0 for CI, CycloneDX SBOM for supply chain, CSV for everything else.
Scan import (Nessus, OpenVAS, CSV, JSON)
Bring history from your previous scanner. No starting from zero.
Scan comparison
Diff two scans. See what's new, fixed, or regressed since last time.
Suppression rules
Triage once. Pattern, host, and scanner filters silence known false positives.
Webhooks and chat alerts (Slack, Teams, Jira, Discord)
Push findings into your team's channels and tickets.
SLA enforcement with auto-escalation
Email and webhook on breach. The system chases stale findings.
Drift detection alerts
Alerts when an asset's posture changes between scans.
REST API access
Programmatic scan creation, finding queries, report retrieval.
Git PR write-back (GitHub, GitLab, Azure DevOps)
Auto-issues and PR fix-plan comments on High/Critical findings.
CI/CD build gates (block on Critical/High)
Shift security left. Fail the pipeline before the vulnerability ships.
Custom PDF branding (logo, colour, footer)
Your logo, primary colour, and footer text on every report.
Full white-label (Vornin branding removed)
Reports leave no trace of Vornin. For MSPs and resold deployments.
Dedicated scan worker
Isolated compute for predictable scan duration.
Security
Unlimited users
No seat tax. Add the whole team. More eyes on findings, not on the invoice.
Tenant audit log (action trail)
Full per-tenant action trail of who did what, when. Baseline for any audit interview.
Tenant governance (IP allowlist, RBAC, TOTP enforcement)
IP-range gating, Owner/Admin/Member roles, tenant-wide MFA enforcement.
SAML 2.0 SSO
Federated identity with any SAML 2.0 IdP. Tested with Okta, Entra ID, Google Workspace, PingFederate.
SCIM 2.0 provisioning
Automated user and group lifecycle from your IdP. Writable Users + Groups.
Integrations
Cloud providers
AWS, Azure, GCP via read-only IAM. Kubernetes via kubeconfig. Each connection counts as one target.
AWS Azure GCP Kubernetes
Code hosts
Clone for SAST, secrets, dependency scans. PR write-back gated at Business+.
GitHub GitLab Azure DevOps
Chat & ticketing
First-class webhook payload shapes for each platform.
Slack Teams Jira Discord
Identity providers (SAML + Entra OIDC)
Standards-compliant SAML 2.0 plus dedicated Entra ID OIDC flow.
Okta Entra Google Workspace PingFederate

Prices in EUR exclude VAT. Reverse-charge for EU business customers with a valid VAT ID. USD / GBP available on request.

What's included in the free trial?

14 days of full Team or Business access, depending on which plan you start. No credit card required. Cancel anytime during the trial, or pick a paid tier at the end. Scale is request-based — contact us for a Scale trial.

How is your pricing calculated?

Each paid tier has a flat base price plus a target slider with volume discounts (€5/target up to 50, €4 up to 100, €3 above). Annual rates are €4 / €3.20 / €2.40 respectively.

What counts as a target?

A hostname, IP, IP range, URL, or cloud account (AWS, Azure, GCP, Kubernetes). Everything you put under our scanners counts once against your target total.

Can I change the number of targets after I sign up?

Yes. Slide the target count up or down in-app at any time. Increases are prorated to your billing cycle; decreases take effect on your next renewal.

Does your pricing include VAT?

Listed prices exclude VAT. EU business customers with a valid VAT ID pay no VAT under the reverse-charge mechanism. Other EU customers see local VAT added at checkout by Paddle, our Merchant of Record. Non-EU customers see local sales tax where applicable.

Can I cancel my plan at any time?

Yes. Monthly plans are rolling, cancel anytime with no notice period. Annual plans run for 12 months and renew unless cancelled before the renewal date. See our terms.

What happens to my data if I cancel?

Your data stays available for 30 days after cancellation so you can export findings, reports, and audit evidence. After 30 days it is permanently deleted. You can request immediate deletion at any time per our DPA.

Question not covered? Email hello@vornin.com.

Get started

Get results on your security and compliance posture in minutes.

Start free, upgrade when you need to, cancel any time. 14-day trial on Team and Business — no credit card required.

MSP or multi-tenant resale? Email us