Pricing
Continuous testing, priced for every team
Other bug bots read the diff and guess. Qodex runs your real test scenarios against every pull request and shows what actually broke, with the failing request and response. One platform for PR review, API and UI testing, and security, with deterministic runs that stay cheap as your suite grows.
Rated 4.9 / 5 on G2 · works in GitHub, the CLI, and Slack
Free
Try continuous testing
$0
Free for every developer
Limited monthly usage to evaluate Qodex against your real app.
- Connect one GitHub repository
- Real test runs on your pull requests
- Import scenarios from OpenAPI, Postman, spreadsheets, and existing tests
- API and UI scenario runs against your app
- Core OWASP-aligned security probes
- Findings with the failing request, response, and screenshot
- Community support
Recommended
Pro
Continuous testing for your team
Usage for active teams shipping every day.
Everything in Free, plus:
- Unlimited repositories and projects
- Continuous testing on every pull request and deploy
- Scenario layer that adapts as your code changes, with coverage-gap generation in chat
- Full API testing: multi-step flows, auth profiles, and API governance
- Full UI testing: browser runs and the UI Pages catalog
- Full OWASP security suite, with findings filed against the PR
- Velocity analytics: review cycle time, queue depth, flaky rate, and coverage
- CI/CD, Slack, Jira, and Cursor (MCP) integrations
- Scheduled and webhook-triggered runs
- Priority support
Enterprise
Continuous testing at scale
Talk to the team
Custom pricing for larger organizations
Custom usage and limits, shaped around your org.
Everything in Pro, plus:
- SSO / SAML, role-based access, and audit logs
- Advanced security and compliance, data redaction, and mTLS
- Custom data retention controls
- Custom usage limits and unlimited environments
- Webhooks and API access
- Dedicated support, onboarding, and SLAs
Compare plans
What each plan can do
Every plan runs your scenarios against the real app. Higher plans add coverage, security depth, and the controls larger teams need.
| Capability | Free | Pro | Enterprise |
|---|---|---|---|
| Scenario layer | |||
| Import from OpenAPI, Postman, spreadsheets, and existing tests | Import from OpenAPI, Postman, spreadsheets, and existing tests: included | Import from OpenAPI, Postman, spreadsheets, and existing tests: included | Import from OpenAPI, Postman, spreadsheets, and existing tests: included |
| Manage your test scenarios in one place | Manage your test scenarios in one place: included | Manage your test scenarios in one place: included | Manage your test scenarios in one place: included |
| Generate scenarios to close coverage gaps in chat | Generate scenarios to close coverage gaps in chat: not included | Generate scenarios to close coverage gaps in chat: included | Generate scenarios to close coverage gaps in chat: included |
| Scenarios adapt as your code changes | Scenarios adapt as your code changes: not included | Scenarios adapt as your code changes: included | Scenarios adapt as your code changes: included |
| PR review | |||
| Real test runs on your pull requests | Real test runs on your pull requests: included | Real test runs on your pull requests: included | Real test runs on your pull requests: included |
| Inline findings: failing request, response, and screenshot | Inline findings: failing request, response, and screenshot: included | Inline findings: failing request, response, and screenshot: included | Inline findings: failing request, response, and screenshot: included |
| GitHub App and PR status check | GitHub App and PR status check: included | GitHub App and PR status check: included | GitHub App and PR status check: included |
| Runs on every PR and deploy | Limited | Every PR + deploy | Every PR + deploy |
| Repositories | 1 repo | Unlimited | Unlimited |
| API testing | |||
| HTTP and GraphQL scenario runs | HTTP and GraphQL scenario runs: included | HTTP and GraphQL scenario runs: included | HTTP and GraphQL scenario runs: included |
| Multi-step flows and auth profiles | Multi-step flows and auth profiles: not included | Multi-step flows and auth profiles: included | Multi-step flows and auth profiles: included |
| API governance coverage view | API governance coverage view: not included | API governance coverage view: included | API governance coverage view: included |
| UI testing | |||
| Browser (Playwright) scenario runs | Browser (Playwright) scenario runs: included | Browser (Playwright) scenario runs: included | Browser (Playwright) scenario runs: included |
| Natural-language UI steps with screenshots | Natural-language UI steps with screenshots: included | Natural-language UI steps with screenshots: included | Natural-language UI steps with screenshots: included |
| UI Pages catalog | UI Pages catalog: not included | UI Pages catalog: included | UI Pages catalog: included |
| Security | |||
| OWASP-aligned hostile-mode probes (SQLi, XSS, SSRF, IDOR/BOLA, auth bypass) | Core | Full suite | Full suite |
| Security findings filed against the PR | Security findings filed against the PR: included | Security findings filed against the PR: included | Security findings filed against the PR: included |
| Advanced compliance, data redaction, and mTLS | Advanced compliance, data redaction, and mTLS: not included | Advanced compliance, data redaction, and mTLS: not included | Advanced compliance, data redaction, and mTLS: included |
| Velocity analytics | |||
| Review cycle time, queue depth, flaky rate, and coverage trends | Review cycle time, queue depth, flaky rate, and coverage trends: not included | Review cycle time, queue depth, flaky rate, and coverage trends: included | Review cycle time, queue depth, flaky rate, and coverage trends: included |
| Integrations and support | |||
| CI/CD, Slack, Jira, and Cursor (MCP) | CI/CD, Slack, Jira, and Cursor (MCP): not included | CI/CD, Slack, Jira, and Cursor (MCP): included | CI/CD, Slack, Jira, and Cursor (MCP): included |
| Scheduled and webhook-triggered runs | Scheduled and webhook-triggered runs: not included | Scheduled and webhook-triggered runs: included | Scheduled and webhook-triggered runs: included |
| Support | Community | Priority | Dedicated + SLA |
| Security and administration | |||
| SSO / SAML | SSO / SAML: not included | SSO / SAML: not included | SSO / SAML: included |
| Role-based access | Role-based access: not included | Role-based access: not included | Role-based access: included |
| Audit logs | Audit logs: not included | Audit logs: not included | Audit logs: included |
| Custom data retention | Custom data retention: not included | Custom data retention: not included | Custom data retention: included |
| Webhooks and API access | Webhooks and API access: not included | Webhooks and API access: not included | Webhooks and API access: included |
Trusted by 10k+ teams
Make testing continuous.
Run your scenarios against every PR and deploy, and see what actually broke. Start free in minutes.