stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
6e687b523aa572c0850de61175d702ad3f7d9c24
git.stella-ops.org/LICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md

7.7 KiB
Raw Blame History

Additional Community Plugin Grant - StellaOps Addendum to BUSL-1.1

Addendum Version: 1.0.0 Effective Date: 2026-01-25 Licensor: stella-ops.org

This Addendum supplements the Business Source License 1.1 (BUSL-1.1) under which Stella Ops Suite is licensed. Where this Addendum conflicts with BUSL-1.1, this Addendum controls for the specific grants below.

1. Definitions

For purposes of this Addendum:

(a) "Plugin" means a separately packaged extension written to interface with the Licensed Work using documented public plugin APIs or integration points published by Licensor. A Plugin may include connectors, integrations, analyzers, formatters, or other extensions that extend the Licensed Work's functionality without modifying its core source code.

(b) "Environment" means an instance of the Licensed Work under the control of a single legal entity (customer/organization) and deployed to a unique production orchestration boundary. Examples include: a distinct on-premises cluster, a private cloud tenant, or a named cloud account. For avoidance of doubt, dev/staging/production deployments for the same organization each count as separate Environments.

(c) "Scan" means one completed execution of the Licensed Work's vulnerability or artifact analysis pipeline that produces a report or SBOM/VEX output and is billed or metered as a single unit by Licensor's published metrics. Cached or deduplicated results that do not trigger new analysis do not count as additional Scans.

2. Community Plugin Grant

Notwithstanding anything to the contrary in BUSL-1.1, Licensor hereby grants each Recipient a worldwide, non-exclusive, royalty-free license to:

(i) Use, run, and reproduce a Plugin in production solely for the Recipient's internal business operations in up to three (3) Environments; and

(ii) Perform up to nine hundred ninety-nine (999) Scans per calendar day across all such Environments.

This grant extends to modification and redistribution of the Plugin under the same terms, provided redistribution is not packaged with a commercial managed hosting offering in breach of Section 4 below.

Commercial Plugin Development. You may develop and sell Plugins commercially under license terms of your choosing, provided:

  • The Plugin does not include, copy, or modify the Licensed Work's source code; AND
  • Distribution complies with Section 3 below.

3. Distribution & Attribution

Recipients may distribute Plugin source or binaries under the same license terms as the Licensed Work (including this Addendum). Distributed copies must:

(a) Retain conspicuous attribution to Licensor, including the Licensor name and a link to the Licensed Work's source repository;

(b) Include this Addendum verbatim alongside any distribution of the Licensed Work or Plugins that incorporate portions of the Licensed Work;

(c) Preserve the LICENSE and NOTICE files from the original distribution.

Competing Service Restriction. Redistribution that embeds or repackages Licensor's core runtime binaries into a commercial product that functions as a competing managed service requires a separate commercial license from Licensor.

4. SaaS / Managed Offering Restriction

Recipients are NOT permitted to offer the Licensed Work or a Plugin (or a service that substantially replicates the Licensed Work's core features) as a commercial hosted service, SaaS, or managed/white-label hosting offering to third parties without a separate written commercial license from Licensor.

This restriction applies whether the service is offered:

  • Directly to end customers;
  • Via a reseller or channel partner; or
  • Embedded into a larger multi-tenant managed platform.

Limited Exceptions:

(a) Internal Hosting. An organization may host the Licensed Work internally for its own employees, contractors, and affiliates without a commercial license, subject to the Environment and Scan limits in Section 2.

(b) MSP Single-Tenant Hosting. A Managed Service Provider (MSP) may host distinct single-tenant instances per customer only if: - Each hosted instance is covered by the MSP's commercial license; OR - The hosted instance remains fully isolated and used exclusively by the licensee's employees and affiliates.

(c) Public multi-tenant paid hosting that provides the Licensed Work's functionality to unrelated third parties is prohibited under this Addendum absent a commercial license.

(d) Non-Commercial Community Hosting. Non-commercial, free-of-charge hosting for community benefit (e.g., providing scanning services to open source projects) may be permitted under a separate community program. Organizations wishing to provide such services should contact Licensor at community@stella-ops.org for evaluation. Approval is not automatic and is subject to Licensor's community program terms.

For detailed guidance on MSP and SaaS scenarios, see docs/legal/SAAS_MSP_GUIDANCE.md.

5. Enforcement & Telemetry

Licensor may reasonably audit or require self-reporting to verify compliance with the Environment and Scan limits described in this Addendum.

Audit Rights. Licensor reserves the right to request compliance verification no more than once per calendar year, with reasonable notice (minimum 30 days). Any audit shall be:

  • Conducted during normal business hours;
  • Subject to standard confidentiality and data-protection safeguards; and
  • Limited in scope to verification of Environment count and Scan volume.

Voluntary Telemetry. Licensor may provide an optional, privacy-respecting metering endpoint for voluntary telemetry. Such telemetry:

  • Is strictly opt-in;
  • Collects only aggregate usage metrics (Environment count, Scan count);
  • Does not collect customer content, source code, or scan results; and
  • Is subject to Licensor's published privacy policy.

Self-Attestation. Recipients may provide annual self-attestation of compliance using the form at docs/legal/templates/self-attestation-form.md.

6. Term & Upgrade

This Addendum applies to releases of the Licensed Work that include it. Licensor may amend the numeric limits (Environments / Scans) by publishing a new Addendum version.

Non-Retroactive Changes. Such changes do not retroactively affect prior distributions. Recipients using a version of the Licensed Work with an earlier Addendum version may continue under those terms for that version.

Version Identification. Each Addendum version is identified by the version number in the header. The applicable Addendum version for any distribution is the version included with that distribution.

7. No Waiver of Other BUSL Rights

Except as explicitly modified by this Addendum, all terms of BUSL-1.1 remain in full force and effect, including but not limited to:

  • The Change Date and Change License provisions;
  • The requirement to preserve license and attribution notices;
  • The disclaimer of warranties and limitation of liability.

8. Legal & Compliance Notice

This Addendum is intended as a narrow community grant to encourage plugin ecosystems while protecting Licensor's commercial SaaS market. It is not legal advice and should be reviewed by counsel prior to publication or reliance.

Governing Law. This Addendum is governed by the same jurisdiction and governing law provisions as the underlying BUSL-1.1 license.

Severability. If any provision of this Addendum is held unenforceable, the remaining provisions continue in full force and effect.

Change Log

Version Date Notes
1.0.0 2026-01-25 Initial release of Community Plugin Grant Addendum.

Document maintained by: Legal + Security Guild For questions: legal@stella-ops.org