Oxeye
Oxeye — Cloud-native SAST and IAST platform tracing vulnerabilities through microservice architectures with context awareness.
Our Verdict
Clever cloud-native AppSec approach, though post-GitLab acquisition the standalone product story is murky.
Pros
- Traces vulnerabilities across microservice call graphs
- Context-aware analysis reduces noisy findings
- Handles polyglot codebases better than classic SAST
- Built for cloud-native Kubernetes architectures
Cons
- Acquired by GitLab in 2024, standalone future unclear
- Was enterprise-priced with opaque quotes
- Less valuable for monoliths and simple apps
- Fewer integrations than established SAST vendors
Best for: Cloud-native shops with heavy microservice sprawl needing cross-service vulnerability tracing.
Not for: Monolith codebases, small apps, or teams wanting a long-term independent vendor.
When to Use Oxeye
Good fit if you need
- Cloud-native SAST with microservice context tracing
- IAST instrumentation for runtime vulnerability confirmation
- API security testing across containerized service boundaries
- DevSecOps pipeline integration for pre-merge security scans
- OWASP Top 10 detection with microservice call chain analysis
Lock-in Assessment
Low 2/5
Lock-in Score 2/5
Pricing
Price wrong?Oxeye Pricing
- Pricing Model
- custom
- Free Tier
- No
- Entry Price
- —
- Enterprise Available
- No
- Transparency Score
- —
Beta — estimates may differ from actual pricing
1,000
1001K10K100K1M
Estimated Monthly Cost
$25
Estimated Annual Cost
$300
Estimates are approximate and may not reflect current pricing. Always check the official pricing page.
Community Discussion
Comments powered by Giscus (GitHub Discussions). You need a GitHub account to comment.