GenegicOps Logo
Book Demo Start Free
Product Solutions Pricing Resources Docs Login Book Demo Start Free
Pricing Plans

Simple, Infrastructure-Based Pricing

Connect your AWS accounts and find drift in minutes. Choose a plan that matches your engineering scale.

Free

For learning and evaluating drift detection.

$0 / month
  • 1 AWS account
  • Daily drift scans
  • Manual remediation
  • Community support
Start Free

Starter

For small teams securing initial applications.

$49 / month
  • 1 AWS account
  • Continuous drift scans
  • Slack integration
  • 7-day configuration history
  • Email support
Subscribe Starter

Scale

For growing startups running multi-tier workloads.

$149 / month
  • 5 AWS accounts
  • Continuous drift scans
  • AI explanation engine
  • Automated remediation scripts
  • 30-day configuration history
Subscribe Scale

Growth

For larger organizations managing complex environments.

$399 / month
  • 20 AWS accounts
  • ✓ AWS Organizations Autodiscovery
  • ✓ SOC 2 & ISO compliance dashboards
  • ✓ Slack, PagerDuty, and MS Teams
  • ✓ 90-day configuration history
Subscribe Growth

Enterprise

For organizations demanding custom SLA and SSO.

Custom
  • Unlimited AWS accounts
  • ✓ Custom drift scan frequencies
  • ✓ Single Sign-On (SAML/OIDC)
  • ✓ Dedicated compliance engineer
  • ✓ Custom contract & SLAs
Contact Sales

Compare Platform Features

Feature Free Starter Scale Growth Enterprise
AWS Accounts Included 1 Account 1 Account 5 Accounts 20 Accounts Unlimited
Drift Scan Frequency Daily Continuous Continuous Continuous Custom (Up to 1 min)
Auto Remediation Code ✓ Yes ✓ Yes ✓ Yes
AI Explanation Engine ✓ Yes ✓ Yes ✓ Yes
History Retention 24 Hours 7 Days 30 Days 90 Days Unlimited
Compliance Auditing Basic Checks Full Audit Full Audit + Dashboards Custom Frameworks
API & Webhooks Basic Webhooks Full API access Custom Webhooks + SSO

Frequently Asked Questions

Find answers to technical questions about credentials, security permissions, compliance workflows, and product integrations.

GenegicOps operates strictly on a read-only architecture by default. When you hook up an AWS account, you deploy a CloudFormation stack that creates a cross-account IAM role containing the standard SecurityAudit policy. We cannot change resources unless you choose to deploy our write-back role for autonomic healing.
Yes. GenegicOps connects directly to Terraform Cloud, Terraform Enterprise, and GitLab/GitHub HTTP backends. We authenticate to download state files dynamically and extract resource configuration declarations.
Yes. By default, GenegicOps generates remediation scripts as dry-run pull requests or dashboard alerts. You can review the exact Terraform script block, run local plans, and approve them manually. You can also configure auto-apply on a per-environment basis (e.g. auto-apply in Development, review in Production).
No. GenegicOps will never modify your infrastructure unless you explicitly toggle "Autonomic Healing" for specific rules and deploy our write-back IAM policy. We prioritize developer control and GitOps workflows.
GenegicOps is completely agentless. There is no software to install on your EC2 instances or inside Kubernetes pods. We query configurations strictly via the native AWS Cloud APIs and compare them against your IaC declarations.
Our standard credential requires the AWS managed SecurityAudit policy, plus minimal list permissions to read resource configurations. We do not require data-plane access (e.g. we cannot view contents of S3 buckets or database records).
Yes. All configurations metadata pulled from your accounts is encrypted at rest using AES-256 keys and encrypted in transit using TLS 1.3. We host our analysis endpoints in ISO-certified datacenters.
No. GenegicOps only indexes metadata configurations of resource declarations. We do not store, look at, or process secrets, database credentials, environment values, or application files.
Currently, GenegicOps is focused on AWS environments. Support for GCP (Google Cloud Platform) and Microsoft Azure is on our roadmap for later this year.
We support SOC 2 Type II, ISO/IEC 27001:2022, CIS AWS Foundations v3.0, NIST SP 800-53, PCI-DSS v4.0, and HIPAA Security Rules out of the box.
On our paid plans, scans are performed continuously. We hook into AWS EventBridge streams so that when a resource is created, modified, or deleted in your account, it triggers a delta scan within 60 seconds.
Yes, using our simple YAML custom guardrail parser. You can write custom rules specifying forbidden instance sizes, required tag keys, or disallowed public network configurations, and apply them across accounts.
Yes. Subscribing to any paid plan annually saves you 20% compared to monthly billings. Annual plans are billed upfront.
Yes, we offer a 14-day free trial on our Scale and Growth plans, with no credit card required to start scanning.
If you exceed your account limit, we'll notify you to upgrade to the next tier. We will not block scanning immediately, giving you a 7-day grace period to adjust configuration or change plans.
Yes, we support OpenTofu state file standards out of the box. We also support Terragrunt configurations, parsing the generated state directories and remote backend block links.
Yes, we offer a CLI client that can be called during your GitHub Actions, GitLab CI, or Jenkins build cycles to check for drift status before deploying changes.
We support Slack webhooks, PagerDuty incidents routing, email lists, Microsoft Teams channels, Datadog event feeds, and custom HTTP webhooks.
Yes, for enterprise customers we offer a self-hosted option deployed inside your own AWS VPC using an Amazon EKS cluster. Contact sales for details.
Free plan has community forum support. Starter/Scale have email support with 24h response time. Growth has priority email/Slack support. Enterprise has 24/7 phone/Slack support and a 30-minute critical incident SLA.
Yes, you can generate exportable PDF and CSV reports displaying detailed history of all drift occurrences, audit actions, and compliance checks, which can be directly handed over to SOC 2 or ISO auditors.