# Additional Community Plugin Grant - StellaOps Addendum to BUSL-1.1

**Addendum Version:** 1.0.0
**Effective Date:** 2026-01-25
**Licensor:** stella-ops.org

This Addendum supplements the Business Source License 1.1 (BUSL-1.1) under which Stella Ops Suite is licensed. Where this Addendum conflicts with BUSL-1.1, this Addendum controls for the specific grants below.

---

## 1. Definitions

For purposes of this Addendum:

(a) **"Plugin"** means a separately packaged extension written to interface with the Licensed Work using documented public plugin APIs or integration points published by Licensor. A Plugin may include connectors, integrations, analyzers, formatters, or other extensions that extend the Licensed Work's functionality without modifying its core source code.

(b) **"Environment"** means an instance of the Licensed Work under the control of a single legal entity (customer/organization) and deployed to a unique production orchestration boundary. Examples include: a distinct on-premises cluster, a private cloud tenant, or a named cloud account. For avoidance of doubt, dev/staging/production deployments for the same organization each count as separate Environments.

(c) **"Scan"** means one completed execution of the Licensed Work's vulnerability or artifact analysis pipeline that produces a report or SBOM/VEX output and is billed or metered as a single unit by Licensor's published metrics. Cached or deduplicated results that do not trigger new analysis do not count as additional Scans.

---

## 2. Community Plugin Grant

Notwithstanding anything to the contrary in BUSL-1.1, Licensor hereby grants each Recipient a worldwide, non-exclusive, royalty-free license to:

(i) **Use, run, and reproduce** a Plugin in production solely for the Recipient's internal business operations in up to **three (3) Environments**; and

(ii) **Perform up to nine hundred ninety-nine (999) Scans per calendar day** across all such Environments.

This grant extends to modification and redistribution of the Plugin under the same terms, provided redistribution is not packaged with a commercial managed hosting offering in breach of Section 4 below.

**Commercial Plugin Development.** You may develop and sell Plugins commercially under license terms of your choosing, provided:

- The Plugin does not include, copy, or modify the Licensed Work's source code; AND
- Distribution complies with Section 3 below.

---

## 3. Distribution & Attribution

Recipients may distribute Plugin source or binaries under the same license terms as the Licensed Work (including this Addendum). Distributed copies must:

(a) **Retain conspicuous attribution** to Licensor, including the Licensor name and a link to the Licensed Work's source repository;

(b) **Include this Addendum verbatim** alongside any distribution of the Licensed Work or Plugins that incorporate portions of the Licensed Work;

(c) **Preserve the LICENSE and NOTICE files** from the original distribution.

**Competing Service Restriction.** Redistribution that embeds or repackages Licensor's core runtime binaries into a commercial product that functions as a competing managed service requires a separate commercial license from Licensor.

---

## 4. SaaS / Managed Offering Restriction

Recipients are **NOT** permitted to offer the Licensed Work or a Plugin (or a service that substantially replicates the Licensed Work's core features) as a commercial hosted service, SaaS, or managed/white-label hosting offering to third parties without a separate written commercial license from Licensor.

This restriction applies whether the service is offered:

- Directly to end customers;
- Via a reseller or channel partner; or
- Embedded into a larger multi-tenant managed platform.

**Limited Exceptions:**

(a) **Internal Hosting.** An organization may host the Licensed Work internally for its own employees, contractors, and affiliates without a commercial license, subject to the Environment and Scan limits in Section 2.

(b) **MSP Single-Tenant Hosting.** A Managed Service Provider (MSP) may host distinct single-tenant instances per customer only if:

- Each hosted instance is covered by the MSP's commercial license; OR
- The hosted instance remains fully isolated and used exclusively by the licensee's employees and affiliates.

(c) **Public multi-tenant paid hosting** that provides the Licensed Work's functionality to unrelated third parties is **prohibited** under this Addendum absent a commercial license.

(d) **Non-Commercial Community Hosting.** Non-commercial, free-of-charge hosting for community benefit (e.g., providing scanning services to open source projects) may be permitted under a separate community program. Organizations wishing to provide such services should contact Licensor at community@stella-ops.org for evaluation. Approval is not automatic and is subject to Licensor's community program terms.

For detailed guidance on MSP and SaaS scenarios, see `docs/legal/SAAS_MSP_GUIDANCE.md`.

---

## 5. Enforcement & Telemetry

Licensor may reasonably audit or require self-reporting to verify compliance with the Environment and Scan limits described in this Addendum.

**Audit Rights.** Licensor reserves the right to request compliance verification no more than once per calendar year, with reasonable notice (minimum 30 days). Any audit shall be:

- Conducted during normal business hours;
- Subject to standard confidentiality and data-protection safeguards; and
- Limited in scope to verification of Environment count and Scan volume.

**Voluntary Telemetry.** Licensor may provide an optional, privacy-respecting metering endpoint for voluntary telemetry. Such telemetry:

- Is strictly opt-in;
- Collects only aggregate usage metrics (Environment count, Scan count);
- Does not collect customer content, source code, or scan results; and
- Is subject to Licensor's published privacy policy.

**Self-Attestation.** Recipients may provide annual self-attestation of compliance using the form at `docs/legal/templates/self-attestation-form.md`.

---

## 6. Term & Upgrade

This Addendum applies to releases of the Licensed Work that include it. Licensor may amend the numeric limits (Environments / Scans) by publishing a new Addendum version.

**Non-Retroactive Changes.** Such changes do not retroactively affect prior distributions. Recipients using a version of the Licensed Work with an earlier Addendum version may continue under those terms for that version.

**Version Identification.** Each Addendum version is identified by the version number in the header. The applicable Addendum version for any distribution is the version included with that distribution.

---

## 7. No Waiver of Other BUSL Rights

Except as explicitly modified by this Addendum, all terms of BUSL-1.1 remain in full force and effect, including but not limited to:

- The Change Date and Change License provisions;
- The requirement to preserve license and attribution notices;
- The disclaimer of warranties and limitation of liability.

---

## 8. Legal & Compliance Notice

This Addendum is intended as a narrow community grant to encourage plugin ecosystems while protecting Licensor's commercial SaaS market. It is not legal advice and should be reviewed by counsel prior to publication or reliance.

**Governing Law.** This Addendum is governed by the same jurisdiction and governing law provisions as the underlying BUSL-1.1 license.

**Severability.** If any provision of this Addendum is held unenforceable, the remaining provisions continue in full force and effect.

---

## Change Log

| Version | Date | Notes |
|---------|------|-------|
| 1.0.0 | 2026-01-25 | Initial release of Community Plugin Grant Addendum. |

---

*Document maintained by: Legal + Security Guild*
*For questions: legal@stella-ops.org*