FAQ
Questions we get most often.
If your question isn't here, the contact form gets to a real person.
What it is
What does Sebastion AI actually do?
Sebastion AI is a GitHub App that audits every pull request for security regressions before they ship. It posts inline review comments tagged with CWE ids, cross-checks against the OSV.dev CVE database via OSV-Scanner, runs a regex-based secret detector, and uses deterministic post-processing to drop low-signal noise.
How is this different from CodeRabbit, Snyk or Socket?
We are AI-first and security-only. CodeRabbit reviews code for style and bugs, Snyk scans dependencies for known CVEs, and Socket protects your supply chain. Sebastion focuses on security regressions in your own code that today's static tools miss. Side-by-sides live at /vs/coderabbit, /vs/snyk, and /vs/socket.
What models do you use?
We pick frontier models that get security right and route around them when something better lands. Free runs on a fast frontier model. Pro and Team use a higher-reasoning frontier model. The exact mix can change with provider availability and pricing.
Setup and access
How do I install it?
Visit github.com/apps/sebastionai and pick the repository or org you want covered. Free covers public repos with no credit card. The first audit shows up on your next pull request.
Do I need a separate account?
No. Your GitHub account is your account. Sign in to the dashboard at app.foundationmachines.ai with the same GitHub identity that installed the app.
Pricing
What does it cost?
Free for public repos. Pro is $19/month flat for 1 developer and adds private repos plus autofix PR drafts. Team has no recurring fee — buy credit packs from $25 and add unlimited users and repos. Full breakdown on /pricing.
What is a credit?
A credit is the customer-facing unit for AI review work. One credit is worth $0.02 at the base rate. Team buys credits in packs: $25 / $100 / $500. Bigger packs include bonus credits — the $500 pack is 20% cheaper per credit than the $25 pack. $1.20 covers a typical 60-credit PR review.
What happens at my spend cap?
Team customers set a spend cap on their tenant. When usage reaches the cap, Sebastion stops starting new paid review work until you raise the cap or enable a one-click 24-hour override in the portal.
How does pricing compare with per-seat tools?
CodeRabbit Pro is $24/seat, Greptile is $30/seat plus $1/PR over 50, and Qodo is $30/seat with a 20 PR quota. Foundation Machines Team has no recurring fee — buy credit packs (from 1,250 credits for $25) and add unlimited users and repos. Quiet months cost nothing.
Are there limits on the free tier?
Yes. Free covers 50 PR audits per repo per month and 500 per account per month, across every repo combined. Pro removes both caps. Daily safety caps protect everyone against runaway CI loops — see rate limits for the full list.
Is there a free trial?
Yes. New paid installs get 100 trial credits for 14 days so you can measure real PR costs before committing.
Data and security
Do model providers train on my code?
No. We use provider controls intended to prevent training on customer prompts and responses, and we do not train our own models on your code.
Quality of findings
Will Sebastion fill my PRs with noise?
No. We tune aggressively for high signal. Best-practice and stylistic rules are demoted to info severity by default; only real security regressions surface as inline review comments.
What if it gets a finding wrong?
Reply directly on the inline finding comment with @sebastionai ignore and Sebastion writes a Learning that suppresses that rule on that file for your installation. Full details at docs.foundationmachines.ai/docs/false-positives-and-learnings.
Can I ask Sebastion questions about a finding?
Yes — Pro and Team. Reply on any inline finding with @sebastionai and your question; the answer lands in the same PR thread.
Do I have to write a config file?
No. Sebastion auto-reads AGENTS.md, CLAUDE.md, .cursorrules, and .github/copilot-instructions.md from your default branch, so suppression markers you already keep for coding-agent context apply to Sebastion too.
Working with us
How do I report a bug or vulnerability?
Bug or feature request: open an issue or use the contact form. Security vulnerability: please use /vulnerability-disclosure instead.