Question 1

What counts as a "successful" triage?

Accepted Answer

A successful triage is when Konvu reaches a confident verdict on a finding (exploitable, not exploitable, or needs human review) with supporting evidence. Inconclusive results, where Konvu cannot reach a confident verdict, are free.

Question 2

What counts as a "successful" remediation PR?

Accepted Answer

A successful remediation is when Konvu opens a pull request that fixes the vulnerability. Automated fix PRs are an Enterprise feature. If a PR is not opened, or the fix attempt fails, that attempt is free.

Question 3

Do failed or inconclusive runs cost anything?

Accepted Answer

No. You only pay for delivered work: confident triage verdicts and successful fix PRs. Failed or inconclusive runs are free.

Question 4

What if I need more than 500 triages a month?

Accepted Answer

Reach out to us. Depending on your volume, we will either expand your Business plan or move you to Enterprise for custom-sized capacity.

Question 5

Does unused capacity roll over?

Accepted Answer

Business is monthly: unused triages do not roll over to the next month. Enterprise contracts are annual, and unused capacity within the contract year remains available.

Question 6

What is the typical contract length?

Accepted Answer

Business is month-to-month. Enterprise contracts are annual, with multi-year agreements available at additional discounts.

Question 7

Is there a pilot or free trial?

Accepted Answer

Yes. You can sign up directly for Business at app.konvu.com to evaluate Konvu on your own data. For Enterprise, we run guided pilots before contracting. Get in touch to set one up.

Question 8

Can I move between plans?

Accepted Answer

Yes. You can upgrade from Business to Enterprise at any time. Contact us when you need SSO, self-hosted analysis, push integrations to your ticketing system, or other Enterprise capabilities.

	Business Sign up →	Enterprise Contact sales →
Core platform
AI-powered triage with evidence
Reachability analysis
Exploitability analysis
Container CVE triage
Auto-remediation (auto-fix PRs)	—
Virtual patching (WAF rules)	—
Bug bounty reproduction	—
Integrations
SAST, SCA, and container scanners (Snyk, Semgrep, Trivy, and more)
WAF integrations (ModSecurity, AWS WAF, Cloudflare)	—
Cloud SCMs (GitHub, GitLab)
Slack and email notifications
Push to ticketing (Jira, ServiceNow)	—
Self-managed SCMs (GitHub Enterprise Server, GitLab self-managed, Bitbucket DC, Azure DevOps Server)	—
API and CLI access	—
Deployment
Cloud analysis
Self-hosted analysis (details)	—
BYO LLM keys	—
Governance and access
SSO	—
SCIM provisioning	—
Custom roles and granular permissions	—
Custom triage policies	—
Audit logs	—
Security and compliance
SOC 2 Type II
Zero LLM data retention
Support and commercial
Business-hours support
Dedicated SLA	—
Named CSM	—
Volume-based pricing	—
Invoice billing and MSA	—

Pay for outcomes, not noise.

Business

Enterprise

What you pay for

Confident triage verdict

Successful fix PR

Key features

Frequently asked questions

Ready to cut through the noise?