stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org

Browse Source
This commit is contained in:
master
2026-01-15 21:07:03 +02:00
parent 6ad5425e54 88a85cdd92
commit 03f0bb6128
208 changed files with 32271 additions and 2287 deletions
Download Patch File Download Diff File Expand all files Collapse all files

234
docs/product/stella_ops_offer_pricing.md Normal file
View File

@@ -0,0 +1,234 @@
# Stella Ops Suite (OnPrem) — Offer & Pricing
_Self-hosted release governance + reachability-aware security gating for **nonKubernetes** container deployments._
**All features are included at every tier.**
You pay only for:
1) **Environments** (policy/config boundaries)
2) **New digests deepscanned per month** (evidence-grade analysis of new container artifacts)
…and optionally support **tickets** if you want help.
---
## 1) What Stella Ops Suite is
**Stella Ops Suite is a release control plane + evidence engine for containerized applications outside Kubernetes.**
It provides:
- **Centralized release orchestration** (environments, promotions, approvals, rollbacks, templates)
- **Practical security signal** (reachability + hybrid reachability) to reduce noise and focus on exploitable risk
- **Auditability and attestability** (evidence packets, deterministic decision records, exportable audit trail)
- **Toolchain interoperability** (plugins for SCM/CI/registry/vault/agents)
This is designed for:
- **Small teams** that want a real, usable free tier (not a toy)
- **Mid-size companies (10100 people)** that need **certifiable**, audit-friendly releases with practical security gates, without running Kubernetes
- **Onprem or airgapped environments** where SaaS-based governance is not an option
---
## 2) Key outcomes for customers
### Secure and certifiable releases (without Kubernetes)
- Gate promotions on **evidence** (SBOM + reachability + policy explain traces)
- Produce **audit-grade proof** of “who approved what, why, and based on which evidence”
- Keep “what is deployed where” authoritative, digest-based, and reproducible
### Reduce security noise and engineering churn
- Reachability-aware prioritization focuses attention on vulnerabilities that are actually on exploitable paths (vs. raw CVE count)
### Predictable cost
- No per-user cost
- No per-project/microservice tax
- No per-target/machine tax
- No surprise overages (add-ons are explicit and self-serve)
---
## 3) What every tier includes (no feature gating)
All tiers (including Free) include the full Stella Ops capability set:
### Release orchestration (nonK8s)
- Environments, promotions, approvals, rollbacks
- Templates and step graphs (sequential/parallel)
- UI visualization of deployments in progress (per-step logs)
- Deployment inventory view (“what is deployed where”)
### Deployment execution (nonK8s)
- Docker Compose deployments
- Scripted deployments (**.NET 10 scripting only**)
- Immutable generated deployment artifacts
- “Version sticker” written to deployment directory for traceability
- Support for replicas and controlled restarts/reloads (e.g., config update + nginx reload)
### Security & evidence
- Scan on build, gate on release, continuous re-evaluation on vuln intel updates
- Reachability + hybrid reachability
- Evidence packets and deterministic decision records (hashable, replayable)
- Exportable audit trail (for compliance, internal audit, incident reviews)
### Extensibility
- Plugin model for SCM/CI/registry/vault/agent providers
- Plugin-specific deployment steps supported by the workflow engine
### Operability
- **Doctor tooling** for self-service diagnostics (connectivity, agent health, configuration sanity, “why blocked?” traces)
---
## 4) Verified releases vs Unverified releases
Stella supports both operational styles.
### Verified releases (recommended for production)
A **Verified Release** is one where promotions require Stella evidence for each new digest:
- SBOM + reachability evidence
- policy evaluation records
- approval records (where required)
- exportable evidence packet
Verified releases are intended for teams that need “certifiable” releases and practical security.
### Unverified releases (CD-only usage)
Stella can also run “CD-only” workflows where evidence gates are bypassed:
- still orchestrated, logged, and visible
- useful for teams that want orchestration without security certification
**Note:** CD-only users are not the primary target audience for Stella Ops Suite. The product is optimized for verified releases and auditable security.
---
## 5) Pricing (OnPrem Suite)
**Annual billing:** pay annually and get **1 month free** (pay for 11 months).
> **Important:** All tiers have the same features. Only the scale limits and included support channels differ.
### 5.1 Stella Ops Suite tiers
| Tier | Monthly | Annual (11×) | Environments | New digests deepscanned / month | Deployment targets | Support |
|---|---:|---:|---:|---:|---:|---|
| **Free** | $0 | $0 | **10** | **1,000** | **Unlimited** | Self-service (Doctor) + community forum |
| **Plus** | **$199** | **$2,189** | **10** | **10,000** | **Unlimited** | Same as Free |
| **Pro** | **$599** | **$6,589** | **100** | **100,000** | **Unlimited** | Priority forum + **2 tickets/month** (typical response ~3 business days; best-effort) |
| **Business** | **$2,999** | **$32,989** | **1,000** | **1,000,000** | **Unlimited** | Priority forum + email channel + **20 tickets/month** (typical response ~24 hours; best-effort) + fair use |
### 5.2 Add-ons (self-serve)
| Add-on | Price | Notes |
|---|---:|---|
| **+10 support tickets** | **$249** | For bursts/incidents or expansion without tier change |
| **+10,000 new digest deep scans** | **$249** | Burst capacity (premium) |
---
## 6) Definitions and how metering works
### Environment
An **Environment** is a policy/config boundary (e.g., dev/stage/prod; region splits; customer isolation boundaries), with its own:
- policy profile
- targets/agents selection
- secrets/config bindings
- promotion rules
### Deployment target
A **Deployment Target** is any endpoint that can receive a deployment (Docker host group, script target via SSH/WinRM provider, etc.).
**Targets are unlimited in licensing**. Fair use applies only in extreme abuse scenarios.
### New digest deep scan
A **New Digest Deep Scan** occurs the first time Stella deeply analyzes a unique OCI digest to produce:
- SBOM
- reachability/hybrid reachability evidence
- vulnerability findings + verdict
- evidence references for gating and audit
#### What does NOT consume deep scan quota
- Re-deploying or promoting an already-scanned digest
- Re-evaluation when vulnerability intelligence updates (CVE feed updates); Stella re-computes risk using existing evidence
### Tickets
A **ticket** is a support request handled by maintainers via the paid ticket channel. For fast resolution, tickets require:
- a clear problem statement
- reproduction steps
- the **Doctor bundle** output (when applicable)
Tickets are designed to be bounded, so Stella can remain self-serve by default.
---
## 7) Fair use (Business tier)
Business tier includes very high scale limits and support capacity. To keep pricing predictable and sustainable, fair use applies to:
- vulnerability feed mirroring bandwidth and frequency (if mirroring is enabled)
- audit confirmation/verification traffic (if configured)
- excessive support ticket volume beyond included entitlements
- abusive automation patterns that intentionally generate excessive duplicate work
Fair use is intended to prevent abuse, not to penalize normal operational usage.
---
## 8) Why Stella pricing is simpler than typical alternatives
### The common pain with “legacy” stacks
Many release and security tools charge based on organizational and deployment complexity:
- per developer/committer
- per project/microservice
- per deployment target/machine
- per add-on module
That pricing becomes unpredictable as your architecture grows.
### Stellas approach
Stella is priced like infrastructure:
- **Scale with environments and new artifacts** (the two things that actually grow with your release and security footprint)
- Keep all features available at all tiers
- Keep adoption friction low for onprem teams
Stella is designed to replace (or reduce dependence on) a multi-tool stack:
- one tool for CD governance + evidence
- another tool for scanning
- plus “glue” for approvals, audit, and exceptions
---
## 9) Which tier is right for you?
### Free
Best for:
- startups and small teams
- evaluation in real workflows
- internal PoCs
- teams learning the verified-release model
### Plus ($199/month)
Best for:
- mid-size teams that want verified releases but do not want vendor support
- organizations that need a predictable monthly cost and onprem control
### Pro ($599/month)
Best for:
- teams operating many environments and high artifact churn
- those who want occasional maintainer help without a heavy support relationship
### Business ($2,999/month)
Best for:
- regulated and compliance-driven teams
- platform teams supporting multiple product groups
- customers who want best-effort response channels and bounded ticket entitlements
---
## 10) Commercial notes (OnPrem)
- License delivered as an onprem entitlement (offline-friendly where required)
- Includes product updates during the subscription term
- Customer is responsible for compute/storage required for scanning and evidence retention
- Support channel access depends on tier and ticket entitlements
---
_This document is intended as a customer-facing offer summary. Final terms and definitions may be refined in the Stella Ops subscription agreement._