# Stella Ops Suite (On‑Prem) — Offer & Pricing _Self-hosted release governance + reachability-aware security gating for **non‑Kubernetes** container deployments._ **All features are included at every tier.** You pay only for: 1) **Environments** (policy/config boundaries) 2) **New digests deep‑scanned per month** (evidence-grade analysis of new container artifacts) …and optionally support **tickets** if you want help. --- ## 1) What Stella Ops Suite is **Stella Ops Suite is a release control plane + evidence engine for containerized applications outside Kubernetes.** It provides: - **Centralized release orchestration** (environments, promotions, approvals, rollbacks, templates) - **Practical security signal** (reachability + hybrid reachability) to reduce noise and focus on exploitable risk - **Auditability and attestability** (evidence packets, deterministic decision records, exportable audit trail) - **Toolchain interoperability** (plugins for SCM/CI/registry/vault/agents) This is designed for: - **Small teams** that want a real, usable free tier (not a toy) - **Mid-size companies (10–100 people)** that need **certifiable**, audit-friendly releases with practical security gates, without running Kubernetes - **On‑prem or air‑gapped environments** where SaaS-based governance is not an option --- ## 2) Key outcomes for customers ### Secure and certifiable releases (without Kubernetes) - Gate promotions on **evidence** (SBOM + reachability + policy explain traces) - Produce **audit-grade proof** of “who approved what, why, and based on which evidence” - Keep “what is deployed where” authoritative, digest-based, and reproducible ### Reduce security noise and engineering churn - Reachability-aware prioritization focuses attention on vulnerabilities that are actually on exploitable paths (vs. raw CVE count) ### Predictable cost - No per-user cost - No per-project/microservice tax - No per-target/machine tax - No surprise overages (add-ons are explicit and self-serve) --- ## 3) What every tier includes (no feature gating) All tiers (including Free) include the full Stella Ops capability set: ### Release orchestration (non‑K8s) - Environments, promotions, approvals, rollbacks - Templates and step graphs (sequential/parallel) - UI visualization of deployments in progress (per-step logs) - Deployment inventory view (“what is deployed where”) ### Deployment execution (non‑K8s) - Docker Compose deployments - Scripted deployments (**.NET 10 scripting only**) - Immutable generated deployment artifacts - “Version sticker” written to deployment directory for traceability - Support for replicas and controlled restarts/reloads (e.g., config update + nginx reload) ### Security & evidence - Scan on build, gate on release, continuous re-evaluation on vuln intel updates - Reachability + hybrid reachability - Evidence packets and deterministic decision records (hashable, replayable) - Exportable audit trail (for compliance, internal audit, incident reviews) ### Extensibility - Plugin model for SCM/CI/registry/vault/agent providers - Plugin-specific deployment steps supported by the workflow engine ### Operability - **Doctor tooling** for self-service diagnostics (connectivity, agent health, configuration sanity, “why blocked?” traces) --- ## 4) Verified releases vs Unverified releases Stella supports both operational styles. ### Verified releases (recommended for production) A **Verified Release** is one where promotions require Stella evidence for each new digest: - SBOM + reachability evidence - policy evaluation records - approval records (where required) - exportable evidence packet Verified releases are intended for teams that need “certifiable” releases and practical security. ### Unverified releases (CD-only usage) Stella can also run “CD-only” workflows where evidence gates are bypassed: - still orchestrated, logged, and visible - useful for teams that want orchestration without security certification **Note:** CD-only users are not the primary target audience for Stella Ops Suite. The product is optimized for verified releases and auditable security. --- ## 5) Pricing (On‑Prem Suite) **Annual billing:** pay annually and get **1 month free** (pay for 11 months). > **Important:** All tiers have the same features. Only the scale limits and included support channels differ. ### 5.1 Stella Ops Suite tiers | Tier | Monthly | Annual (11×) | Environments | New digests deep‑scanned / month | Deployment targets | Support | |---|---:|---:|---:|---:|---:|---| | **Free** | $0 | $0 | **10** | **1,000** | **Unlimited** | Self-service (Doctor) + community forum | | **Plus** | **$199** | **$2,189** | **10** | **10,000** | **Unlimited** | Same as Free | | **Pro** | **$599** | **$6,589** | **100** | **100,000** | **Unlimited** | Priority forum + **2 tickets/month** (typical response ~3 business days; best-effort) | | **Business** | **$2,999** | **$32,989** | **1,000** | **1,000,000** | **Unlimited** | Priority forum + email channel + **20 tickets/month** (typical response ~24 hours; best-effort) + fair use | ### 5.2 Add-ons (self-serve) | Add-on | Price | Notes | |---|---:|---| | **+10 support tickets** | **$249** | For bursts/incidents or expansion without tier change | | **+10,000 new digest deep scans** | **$249** | Burst capacity (premium) | --- ## 6) Definitions and how metering works ### Environment An **Environment** is a policy/config boundary (e.g., dev/stage/prod; region splits; customer isolation boundaries), with its own: - policy profile - targets/agents selection - secrets/config bindings - promotion rules ### Deployment target A **Deployment Target** is any endpoint that can receive a deployment (Docker host group, script target via SSH/WinRM provider, etc.). **Targets are unlimited in licensing**. Fair use applies only in extreme abuse scenarios. ### New digest deep scan A **New Digest Deep Scan** occurs the first time Stella deeply analyzes a unique OCI digest to produce: - SBOM - reachability/hybrid reachability evidence - vulnerability findings + verdict - evidence references for gating and audit #### What does NOT consume deep scan quota - Re-deploying or promoting an already-scanned digest - Re-evaluation when vulnerability intelligence updates (CVE feed updates); Stella re-computes risk using existing evidence ### Tickets A **ticket** is a support request handled by maintainers via the paid ticket channel. For fast resolution, tickets require: - a clear problem statement - reproduction steps - the **Doctor bundle** output (when applicable) Tickets are designed to be bounded, so Stella can remain self-serve by default. --- ## 7) Fair use (Business tier) Business tier includes very high scale limits and support capacity. To keep pricing predictable and sustainable, fair use applies to: - vulnerability feed mirroring bandwidth and frequency (if mirroring is enabled) - audit confirmation/verification traffic (if configured) - excessive support ticket volume beyond included entitlements - abusive automation patterns that intentionally generate excessive duplicate work Fair use is intended to prevent abuse, not to penalize normal operational usage. --- ## 8) Why Stella pricing is simpler than typical alternatives ### The common pain with “legacy” stacks Many release and security tools charge based on organizational and deployment complexity: - per developer/committer - per project/microservice - per deployment target/machine - per add-on module That pricing becomes unpredictable as your architecture grows. ### Stella’s approach Stella is priced like infrastructure: - **Scale with environments and new artifacts** (the two things that actually grow with your release and security footprint) - Keep all features available at all tiers - Keep adoption friction low for on‑prem teams Stella is designed to replace (or reduce dependence on) a multi-tool stack: - one tool for CD governance + evidence - another tool for scanning - plus “glue” for approvals, audit, and exceptions --- ## 9) Which tier is right for you? ### Free Best for: - startups and small teams - evaluation in real workflows - internal PoCs - teams learning the verified-release model ### Plus ($199/month) Best for: - mid-size teams that want verified releases but do not want vendor support - organizations that need a predictable monthly cost and on‑prem control ### Pro ($599/month) Best for: - teams operating many environments and high artifact churn - those who want occasional maintainer help without a heavy support relationship ### Business ($2,999/month) Best for: - regulated and compliance-driven teams - platform teams supporting multiple product groups - customers who want best-effort response channels and bounded ticket entitlements --- ## 10) Commercial notes (On‑Prem) - License delivered as an on‑prem entitlement (offline-friendly where required) - Includes product updates during the subscription term - Customer is responsible for compute/storage required for scanning and evidence retention - Support channel access depends on tier and ticket entitlements --- _This document is intended as a customer-facing offer summary. Final terms and definitions may be refined in the Stella Ops subscription agreement._