Set one security baseline across every repo.
Allow controlled project overrides. Keep exceptions and evidence in one place. Skylos stays free for local CLI scanning. The paid web layer is for teams that need one standard across multiple repos and contributors.
One baseline across repos
Define the default analysis policy once at the workspace level so every inheriting project starts from the same standard.
Controlled project overrides
Projects can deliberately diverge when they need to, with an explicit inherit-or-override model instead of hidden per-repo drift.
Exception trail and evidence
Route recurring issue suppressions through review, keep a decision trail, and export proof from the same web surface.
The buyer is not “everyone running a scanner.”
Workspace Governance is for teams that have moved beyond one developer on one repo. If policy drift, reviewer decisions, and evidence collection are starting to spread across multiple repos or people, this is the part worth paying for.
You have 2+ repos and do not want repo-by-repo policy drift.
You have 2+ contributors and need one visible standard.
You are shipping AI-assisted code and want review controls around it.
You need a web audit trail for overrides, exceptions, and evidence exports.
Sell the control layer, not the billing mechanics.
Credits still exist in Skylos, but they should feel like infrastructure billing. The product people pay for is the shared governance layer in the web app.
Local CLI and basic scanning
Run Skylos locally with no login
Scan one repo and decide whether the signal is worth keeping
Add CI later with skylos cicd init when the results earn trust
Workspace Governance
Set one baseline across every repo
Allow controlled project overrides
Keep exceptions and evidence in one place
Use the web app for shared history, review, and governance workflows
Workspace baseline policy
Project inheritance and override workflow
Exception queue and reviewer decisions
Evidence export and audit-friendly history
Credits should be background mechanics, not the headline value prop.
Your first completed purchase unlocks permanent Workspace Governance. Credits are then spent only on compute-heavy cloud actions.
Uploads and shared scan history
Compare and trend computation
AI-assisted actions like triage or remediation
No seat tax. No recurring “buy access again” step. Credits never expire.
Run Skylos on one repo first. Pay when governance becomes the problem.
That is the product line: free local signal first, paid web governance second.