OpenWatch pricing

Open core. Free to run, priced to scale.

Start free and self-hosted with the full compliance engine. Move to Enterprise when you need governance, enterprise identity, air-gapped deployment, and support for regulated and federal environments.

Community

Free

Self-hosted OpenWatch for securing your own Linux fleet.

  • Self-hosted, open source
  • STIG, CIS, and NIST 800-53 coverage
  • Scan, remediate, and roll back with Kensa
  • Posture dashboard and drift detection
  • Author custom rules in YAML
  • Community support
Download

Enterprise

Custom

Self-hosted or air-gapped, with governance, identity, and support for regulated and federal environments.

  • Everything in Community
  • Governance and exception workflows with a full audit trail
  • Granular RBAC, SAML, and SCIM
  • Long-term evidence retention and auditor packages
  • Air-gapped deployment
  • Priority support with an SLA
  • Engineer-led services available
Request a quote

Compare Community and Enterprise

OpenWatch Community vs Enterprise feature comparison
CapabilityCommunity (free, self-host)Enterprise (self-host / air-gap)
DeploymentSelf-hosted, you run itSelf-hosted / dedicated / air-gapped
STIG / CIS / NIST 800-53 Full Full
Kensa scan + remediate + rollback Full Full
Posture dashboard + drift detectionIncludedIncluded
Hosts / fleetUnlimited (self-host)Per host, volume
Author custom Kensa rules (YAML) (OSS rules) + custom frameworks
Evidence exportBasic (JSON / CSV)OSCAL, auditor packages, immutable / WORM
Retention / temporal historyShort (30 days)Configurable / unlimited
Governance & exceptions Full workflow with audit trail
Users & RBACBasic (few roles) Granular RBAC
SSO SAML / SCIM provisioning
Continuous monitoringIncludedIncluded
Bulk remediationIncluded
Integrations (SIEM, ticketing, notifications) Full + custom
Multi-org / multi-tenantIncluded
SupportCommunityPriority with SLA
Engineer-led services Add-on

Not sure which fits? Talk to us and we will help you scope it.