Pricing
ShieldedStack is runtime enforcement, unified risk scoring, and license compliance for your software supply chain โ on-premises in your environment. You hold the data. You hold the keys. You hold the audit trail.
We don't gate features behind tiers; every tier ships the complete product. What you pay for is scale, support, and the hard engineering behind air-gapped operation and customer-managed keys.
All tiers include all package ecosystems. There are no per-developer fees, no per-request charges, and no surprise overage bills.
30 days. Full Standard-tier features. Free hand-held Quickstart call. No credit card. No self-serve maze.
01
Two proxy modes across all package ecosystems. Run Trust-Then-Verify to inventory real usage, then flip workspaces to Verify-Then-Trust for zero-trust blocking. Allow/deny lists, severity gates, release grace periods, and a standalone scanner handle CI and air-gapped cases.
02
One score per package blending CVE severity, version age, license posture, maintainability, and repository health. Your team gets one prioritised view instead of five tools to correlate.
03
License-change detection, SPDX intelligence, SBOM export in SPDX and CycloneDX, full package-request audit trails, CSV/JSON exports, and Keycloak-backed SSO/SAML on day one.
Scan history, alerts, package metadata, and audit logs stay in your database. We never touch it.
Keycloak ships with the product. SSO and SAML work on day one.
RBAC, audit export, SBOM, license intelligence, risk scoring, proxy modes, and alerts are included everywhere.
You decide how long to keep history. There's no TTL we control.
All prices exclude VAT. Prices in DKK. EUR conversion shown for reference at month-end rate. Invoices issued in DKK; EUR billing available on request.
Single deployment
For small teams running a single production deployment who want the full dependency firewall without procurement drag.
40,000 DKK
/ year (approx. EUR 5,400)
Most teams land here
For mid-market organizations moving from a single security pilot into multiple workspaces across engineering teams.
From 150,000 DKK
/ year (approx. from EUR 20,000)
Scale out
For multi-site companies, MSPs, consultancies, and enterprises that need isolation, rollout help, and faster support.
From 250,000 DKK
/ year (approx. from EUR 33,000)
Regulated and air-gapped
For regulated EU buyers that require air-gapped operation, mirrored intelligence feeds, customer-managed keys, and negotiated operational guarantees.
From 400,000 DKK
/ year (approx. from EUR 53,000)
What you pay more for, as you move up: more installations, more tenants, more workspaces, air-gapped operation, customer-managed keys, faster response SLAs, and the engineering hours behind them. Not features. Not data access. Not auth.
Dependency installation is a high-trust, high-volume operation. Routing every npm install and dotnet restore through a third-party SaaS creates problems regulated buyers can't accept.
ShieldedStack is built and operated by an EU-based company in Denmark. Every license is on-premises by default. Sovereign extends that to air-gapped operation with customer-held encryption keys.
Your dependency graph reveals architectural detail, internal package names, and procurement signals.
On-prem keeps your pipeline running even when external metadata services are down.
On-prem with customer-managed keys closes a gap SaaS providers cannot close architecturally.
ShieldedStack ships with everything you need to deploy yourself. We also offer fixed-scope services for teams who want help getting it right faster.
Half-day remote session: install, first workspace, ecosystems, first policy, console walkthrough.
15,000 DKK (included with Standard+ trial)
Two-day engagement across two weeks: production install, policies, CI integration, alert routing, training.
50,000 DKK (included with Enterprise+)
Policy mapping, CI conversion, and parallel-run validation from Snyk, Sonatype, or Dependabot.
From 40,000 DKK
SIG/CAIQ/VSA responses, GDPR, NIS2, DORA, Schrems II TIA, diagrams, BCP/DR, pen test summary.
50,000 DKK (included with Enterprise+)
Secure dependency management and supply chain security workshops for engineering teams.
25,000-45,000 DKK
Policy review, incident response support, architecture questions, or roadmap input.
2,500 DKK / hour
Installation โ A deployed instance. Production, staging, and DR each count separately.
Tenant โ A top-level isolation boundary. MSPs and holding companies usually need one per customer.
Workspace โ A scope inside a tenant for departments, business units, product lines, or environments.
Project โ A repo, application, or service inside a workspace. Projects are uncapped on every tier.
There's a 30-day free trial with full Standard-tier features and a free hand-held Quickstart call. No credit card. We don't run a self-serve registry, so every trial is provisioned by us.
A signed 30-day license, Docker Compose distribution, scoped private registry credentials, Standard-tier capabilities, email support, and a free 30-minute Quickstart call. If you don't convert, the license enters a 7-day alert-only grace period โ we will never abruptly break your CI.
No. We license by Installation, Tenant, and Workspace count. Add as many developers, CI agents, and projects as you need within those limits.
Only operational scale features. SSO, RBAC, audit export, all ecosystems, both proxy modes, SBOM, license detection, and all alert channels are included on every tier.
Yes, with the Sovereign tier. The CVE feed and risk intelligence are mirrored to a sync bundle you import on your schedule.
All tiers include software updates, CVE feed updates, and email support. Standard adds chat and 4-hour critical response. Enterprise adds 24x5 named engineer support. Sovereign adds 24x7 and a custom SLA.
No. ShieldedStack runs entirely in your environment. The only outbound traffic is CVE feed sync from OSV, GitHub Advisory, and NVD โ and even that can be mirrored offline on Sovereign. We do not phone home. We do not collect usage telemetry. We do not see your dependency graph, ever.
npm, NuGet, PyPI, Maven, Go modules, Cargo, and RubyGems on every tier. See the supported ecosystems page for details.
30 days. Full Standard-tier features. Free Quickstart setup included. No credit card.