9.2 KiB
Stella Ops Suite (On‑Prem) — Offer & Pricing
Self-hosted release governance + reachability-aware security gating for non‑Kubernetes container deployments.
All features are included at every tier.
You pay only for:
- Environments (policy/config boundaries)
- New digests deep‑scanned per month (evidence-grade analysis of new container artifacts)
…and optionally support tickets if you want help.
1) What Stella Ops Suite is
Stella Ops Suite is a release control plane + evidence engine for containerized applications outside Kubernetes.
It provides:
- Centralized release orchestration (environments, promotions, approvals, rollbacks, templates)
- Practical security signal (reachability + hybrid reachability) to reduce noise and focus on exploitable risk
- Auditability and attestability (evidence packets, deterministic decision records, exportable audit trail)
- Toolchain interoperability (plugins for SCM/CI/registry/vault/agents)
This is designed for:
- Small teams that want a real, usable free tier (not a toy)
- Mid-size companies (10–100 people) that need certifiable, audit-friendly releases with practical security gates, without running Kubernetes
- On‑prem or air‑gapped environments where SaaS-based governance is not an option
2) Key outcomes for customers
Secure and certifiable releases (without Kubernetes)
- Gate promotions on evidence (SBOM + reachability + policy explain traces)
- Produce audit-grade proof of “who approved what, why, and based on which evidence”
- Keep “what is deployed where” authoritative, digest-based, and reproducible
Reduce security noise and engineering churn
- Reachability-aware prioritization focuses attention on vulnerabilities that are actually on exploitable paths (vs. raw CVE count)
Predictable cost
- No per-user cost
- No per-project/microservice tax
- No per-target/machine tax
- No surprise overages (add-ons are explicit and self-serve)
3) What every tier includes (no feature gating)
All tiers (including Free) include the full Stella Ops capability set:
Release orchestration (non‑K8s)
- Environments, promotions, approvals, rollbacks
- Templates and step graphs (sequential/parallel)
- UI visualization of deployments in progress (per-step logs)
- Deployment inventory view (“what is deployed where”)
Deployment execution (non‑K8s)
- Docker Compose deployments
- Scripted deployments (.NET 10 scripting only)
- Immutable generated deployment artifacts
- “Version sticker” written to deployment directory for traceability
- Support for replicas and controlled restarts/reloads (e.g., config update + nginx reload)
Security & evidence
- Scan on build, gate on release, continuous re-evaluation on vuln intel updates
- Reachability + hybrid reachability
- Evidence packets and deterministic decision records (hashable, replayable)
- Exportable audit trail (for compliance, internal audit, incident reviews)
Extensibility
- Plugin model for SCM/CI/registry/vault/agent providers
- Plugin-specific deployment steps supported by the workflow engine
Operability
- Doctor tooling for self-service diagnostics (connectivity, agent health, configuration sanity, “why blocked?” traces)
4) Verified releases vs Unverified releases
Stella supports both operational styles.
Verified releases (recommended for production)
A Verified Release is one where promotions require Stella evidence for each new digest:
- SBOM + reachability evidence
- policy evaluation records
- approval records (where required)
- exportable evidence packet
Verified releases are intended for teams that need “certifiable” releases and practical security.
Unverified releases (CD-only usage)
Stella can also run “CD-only” workflows where evidence gates are bypassed:
- still orchestrated, logged, and visible
- useful for teams that want orchestration without security certification
Note: CD-only users are not the primary target audience for Stella Ops Suite. The product is optimized for verified releases and auditable security.
5) Pricing (On‑Prem Suite)
Annual billing: pay annually and get 1 month free (pay for 11 months).
Important: All tiers have the same features. Only the scale limits and included support channels differ.
5.1 Stella Ops Suite tiers
| Tier | Monthly | Annual (11×) | Environments | New digests deep‑scanned / month | Deployment targets | Support |
|---|---|---|---|---|---|---|
| Free | $0 | $0 | 10 | 1,000 | Unlimited | Self-service (Doctor) + community forum |
| Plus | $199 | $2,189 | 10 | 10,000 | Unlimited | Same as Free |
| Pro | $599 | $6,589 | 100 | 100,000 | Unlimited | Priority forum + 2 tickets/month (typical response ~3 business days; best-effort) |
| Business | $2,999 | $32,989 | 1,000 | 1,000,000 | Unlimited | Priority forum + email channel + 20 tickets/month (typical response ~24 hours; best-effort) + fair use |
5.2 Add-ons (self-serve)
| Add-on | Price | Notes |
|---|---|---|
| +10 support tickets | $249 | For bursts/incidents or expansion without tier change |
| +10,000 new digest deep scans | $249 | Burst capacity (premium) |
6) Definitions and how metering works
Environment
An Environment is a policy/config boundary (e.g., dev/stage/prod; region splits; customer isolation boundaries), with its own:
- policy profile
- targets/agents selection
- secrets/config bindings
- promotion rules
Deployment target
A Deployment Target is any endpoint that can receive a deployment (Docker host group, script target via SSH/WinRM provider, etc.).
Targets are unlimited in licensing. Fair use applies only in extreme abuse scenarios.
New digest deep scan
A New Digest Deep Scan occurs the first time Stella deeply analyzes a unique OCI digest to produce:
- SBOM
- reachability/hybrid reachability evidence
- vulnerability findings + verdict
- evidence references for gating and audit
What does NOT consume deep scan quota
- Re-deploying or promoting an already-scanned digest
- Re-evaluation when vulnerability intelligence updates (CVE feed updates); Stella re-computes risk using existing evidence
Tickets
A ticket is a support request handled by maintainers via the paid ticket channel. For fast resolution, tickets require:
- a clear problem statement
- reproduction steps
- the Doctor bundle output (when applicable)
Tickets are designed to be bounded, so Stella can remain self-serve by default.
7) Fair use (Business tier)
Business tier includes very high scale limits and support capacity. To keep pricing predictable and sustainable, fair use applies to:
- vulnerability feed mirroring bandwidth and frequency (if mirroring is enabled)
- audit confirmation/verification traffic (if configured)
- excessive support ticket volume beyond included entitlements
- abusive automation patterns that intentionally generate excessive duplicate work
Fair use is intended to prevent abuse, not to penalize normal operational usage.
8) Why Stella pricing is simpler than typical alternatives
The common pain with “legacy” stacks
Many release and security tools charge based on organizational and deployment complexity:
- per developer/committer
- per project/microservice
- per deployment target/machine
- per add-on module
That pricing becomes unpredictable as your architecture grows.
Stella’s approach
Stella is priced like infrastructure:
- Scale with environments and new artifacts (the two things that actually grow with your release and security footprint)
- Keep all features available at all tiers
- Keep adoption friction low for on‑prem teams
Stella is designed to replace (or reduce dependence on) a multi-tool stack:
- one tool for CD governance + evidence
- another tool for scanning
- plus “glue” for approvals, audit, and exceptions
9) Which tier is right for you?
Free
Best for:
- startups and small teams
- evaluation in real workflows
- internal PoCs
- teams learning the verified-release model
Plus ($199/month)
Best for:
- mid-size teams that want verified releases but do not want vendor support
- organizations that need a predictable monthly cost and on‑prem control
Pro ($599/month)
Best for:
- teams operating many environments and high artifact churn
- those who want occasional maintainer help without a heavy support relationship
Business ($2,999/month)
Best for:
- regulated and compliance-driven teams
- platform teams supporting multiple product groups
- customers who want best-effort response channels and bounded ticket entitlements
10) Commercial notes (On‑Prem)
- License delivered as an on‑prem entitlement (offline-friendly where required)
- Includes product updates during the subscription term
- Customer is responsible for compute/storage required for scanning and evidence retention
- Support channel access depends on tier and ticket entitlements
This document is intended as a customer-facing offer summary. Final terms and definitions may be refined in the Stella Ops subscription agreement.