Use People to manage access. Use Billing to manage seats, credits, and payment. This page answers two questions:
  • What can someone do in the Platform?
  • What does the organization pay for?
In short:
  • Roles control access in the Platform
  • Seats control paid product access
For example, users with the Owner role handle payment methods, subscriptions, and pentest starts. However, their pull requests are only reviewed if they also have a Dev seat.

Use People to manage who is in the organization and what access each person has.

Use Billing to manage shared budgets, seats, and credits for your organization.

Roles

Roles control what someone can do in the Platform.
| Role | Access |
| --- | --- |
| Unassigned | No Platform access. Used for people who exist in the organization but have not been given a Platform role yet |
| Viewer | Read-only access to the organization, members, resources, and results |
| Member | Can work with scans and findings |
| Admin | Can manage members, seats, invitations, integrations, and org settings |
| Owner | Can manage billing, payment methods, ownership changes, org deletion, and pentest starts |

Seats

Seats are separate from roles.
  • A Dev seat covers pull request reviews.
  • A Sec seat is assigned in the Platform and gives access to Workbench.
In short, a Role controls Platform permissions, while a Seat controls paid product access. A person can have a seat without Platform access, and a person can also have Platform access without a seat. If someone has no Platform role assigned, they appear as Unassigned in People. Someone with Platform access only is not charged unless they also have a Dev seat or Sec seat.

Example scenarios

Invited by email first

State 1: invited, before sign-in

| State | Value |
| --- | --- |
| Email | john@hacktron.ai |
| Role | Unassigned |
| Dev seat | Yes |
| Sec seat | Yes |

Transition: An owner invites the person by email and assigns seats.
Access: Workbench only. No Platform access until an admin assigns a role.

State 2: signed in with GitHub, still no role

| State | Value |
| --- | --- |
| Sign-in status | Signed in with GitHub |
| Email | john@hacktron.ai |
| Role | Unassigned |
| Dev seat | Yes |
| Sec seat | Yes |

Transition: The person signs in and their identity is linked to the existing record.
Access: Workbench only. They still do not have Platform access.

State 3: role assigned

| State | Value |
| --- | --- |
| Email | john@hacktron.ai |
| Role | Viewer |
| Dev seat | Yes |
| Sec seat | Yes |

Transition: An admin assigns a Platform role such as Viewer.
Access: Viewer access in the Platform, plus Workbench access.

Existing GitHub developer

State 1: discovered from GitHub activity

| State | Value |
| --- | --- |
| Source | GitHub PR activity |
| Email | - |
| Role | Unassigned |
| Dev seat | Yes |
| Sec seat | No |

Transition: A developer opens a PR and is added to People with a Dev seat.
Access: No Platform access. PR reviews are covered because the person has a Dev seat.

State 2: signed in with GitHub, still no role

| State | Value |
| --- | --- |
| Sign-in status | Signed in with GitHub |
| Email | john@hacktron.ai |
| Role | Unassigned |
| Dev seat | Yes |
| Sec seat | No |

Transition: The person signs in and their email is linked to the existing record.
Access: Still no Platform access.

State 3: role and Sec seat assigned

| State | Value |
| --- | --- |
| Email | john@hacktron.ai |
| Role | Viewer |
| Dev seat | Yes |
| Sec seat | Yes |

Transition: An admin assigns a Platform role and optionally adds a Sec seat.
Access: Viewer access in the Platform, plus Workbench access.

Billing

The Billing page is split into:
  • Seats plan
  • Pentest credits
  • CLI credits
Billing is driven by product entitlements:
  • Dev seats affect code review billing
  • Sec seats affect Workbench entitlement, including the credits available there
  • Pentest credits are shared across the organization
  • Roles do not create charges by themselves
For code reviews, billing is based on the maximum number of seats used during the billing period.

Trial

The code review trial lasts 14 days. It starts when any organization owner adds payment information from the Billing page and chooses to start the trial. During the trial:
  • Dev seats auto-assign as PR activity comes in
  • There is no hard seat cap, but usage is limited to 200 PRs per seat
  • The organization creator starts with 200 free Workbench credits
Once a paid Sec seat is assigned, that free 200-credit Workbench allowance is removed.

Seat changes

If a seat is removed:
  • The seat becomes unassigned right away
  • That seat can be reused by someone else during the current billing cycle
  • The organization is still billed for the peak seats used in that cycle
  • If the seat is not reused, it drops out of the next billing cycle

Billing permissions

Billing actions are split by role:
  • Viewer+ can view subscription details and credit balances
  • Admin+ can access the seats tab and apply coupon codes
  • Owner configures payment methods, cancels or reactivates subscriptions, purchases pentest credits, and starts pentests
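
The role and seat rules from the Roles, Seats, and Billing permissions sections, modeled as an access-review check. This is an added example, not the product's own code or API. It assumes roles are ordered as in the Roles table and that "Viewer+" and "Admin+" mean that role or any higher one; the `Person` record, the action names, and the sample people are constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: role order follows the Roles table, lowest to highest.
ROLE_ORDER = ["Unassigned", "Viewer", "Member", "Admin", "Owner"]

# Minimum role per billing action (action names are hypothetical labels).
BILLING_MIN_ROLE = {
    "view_subscription": "Viewer", "view_credit_balance": "Viewer",
    "open_seats_tab": "Admin", "apply_coupon": "Admin",
    "configure_payment_method": "Owner", "purchase_pentest_credits": "Owner",
    "start_pentest": "Owner",
}

@dataclass
class Person:
    name: str
    role: str = "Unassigned"
    dev_seat: bool = False
    sec_seat: bool = False

def can(person, action):
    """True if the person's role meets the minimum role for a billing action."""
    needed = BILLING_MIN_ROLE[action]
    return ROLE_ORDER.index(person.role) >= ROLE_ORDER.index(needed)

def effective_access(person):
    """Roles and seats are evaluated independently of each other."""
    return {
        "platform": None if person.role == "Unassigned" else person.role,
        "workbench": person.sec_seat,    # a Sec seat gives Workbench access
        "pr_reviews": person.dev_seat,   # a Dev seat covers PR reviews
        "billable": person.dev_seat or person.sec_seat,  # roles alone cost nothing
    }

def review_findings(people):
    """Flag role/seat combinations worth a second look in an access review."""
    out = []
    for p in people:
        if p.role == "Owner" and not p.dev_seat:
            out.append((p.name, "Owner without Dev seat: own PRs are not reviewed"))
        if p.role == "Unassigned" and p.sec_seat:
            out.append((p.name, "Workbench access via Sec seat, no Platform role"))
    return out

# Constructed sample records, mirroring the scenarios on this page.
PEOPLE = [
    Person("owner-no-seat", "Owner"),
    Person("invited-by-email", "Unassigned", dev_seat=True, sec_seat=True),
    Person("github-dev", "Unassigned", dev_seat=True),
]
```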

Pentest access

Pentests use shared org-wide credits, and starting a pentest is currently limited to organization owners. If there are not enough pentest credits available, anyone who is not an owner is prompted to ask an owner to top up credits. Owners can go directly to checkout for the difference.