Oxeye
Oxeye — Cloud-native SAST and IAST platform tracing vulnerabilities through microservice architectures with context awareness.
Our Verdict
Clever cloud-native AppSec approach, though post-GitLab acquisition the standalone product story is murky.
Pros
- Traces vulnerabilities across microservice call graphs
- Context-aware analysis reduces noisy findings
- Handles polyglot codebases better than classic SAST
- Built for cloud-native Kubernetes architectures
Cons
- Acquired by GitLab in 2024, standalone future unclear
- Was enterprise-priced with opaque quotes
- Less valuable for monoliths and simple apps
- Fewer integrations than established SAST vendors
When to Use Oxeye
Good fit if you need
- Cloud-native SAST with microservice context tracing
- IAST instrumentation for runtime vulnerability confirmation
- API security testing across containerized service boundaries
- DevSecOps pipeline integration for pre-merge security scans
- OWASP Top 10 detection with microservice call chain analysis
Pricing
Price wrong?Oxeye Pricing
- Pricing Model
- custom
- Free Tier
- No
- Entry Price
- —
- Enterprise Available
- No
- Transparency Score
- —
Beta — estimates may differ from actual pricing
Estimated Monthly Cost
$25
Estimated Annual Cost
$300
Estimates are approximate and may not reflect current pricing. Always check the official pricing page.
Lock-in Assessment
🔄 Thinking about migrating off Oxeye?
Get an AI-drafted migration plan + a copy-paste email to Oxeye support requesting a data export. Pick where you're moving to and tell us your context.
Looking for alternatives to Oxeye?
Answer 4 quick questions — get an AI-ranked shortlist of tools that match your stack and requirements.
Open AI Tool FinderCommunity Discussion
Comments powered by Giscus (GitHub Discussions). You need a GitHub account to comment.