stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
7cfb683a52ea19cb49686d6e2e95380513708909
git.stella-ops.org/docs/product/OFFER.md

235 lines
9.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Stella Ops Suite (OnPrem) — Offer & Pricing
_Self-hosted release governance + reachability-aware security gating for **nonKubernetes** container deployments._
**All features are included at every tier.**
You pay only for:
1) **Environments** (policy/config boundaries)
2) **New digests deepscanned per month** (evidence-grade analysis of new container artifacts)
…and optionally support **tickets** if you want help.
---
## 1) What Stella Ops Suite is
**Stella Ops Suite is a release control plane + evidence engine for containerized applications outside Kubernetes.**
It provides:
- **Centralized release orchestration** (environments, promotions, approvals, rollbacks, templates)
- **Practical security signal** (reachability + hybrid reachability) to reduce noise and focus on exploitable risk
- **Auditability and attestability** (evidence packets, deterministic decision records, exportable audit trail)
- **Toolchain interoperability** (plugins for SCM/CI/registry/vault/agents)
This is designed for:
- **Small teams** that want a real, usable free tier (not a toy)
- **Mid-size companies (10100 people)** that need **certifiable**, audit-friendly releases with practical security gates, without running Kubernetes
- **Onprem or airgapped environments** where SaaS-based governance is not an option
---
## 2) Key outcomes for customers
### Secure and certifiable releases (without Kubernetes)
- Gate promotions on **evidence** (SBOM + reachability + policy explain traces)
- Produce **audit-grade proof** of “who approved what, why, and based on which evidence”
- Keep “what is deployed where” authoritative, digest-based, and reproducible
### Reduce security noise and engineering churn
- Reachability-aware prioritization focuses attention on vulnerabilities that are actually on exploitable paths (vs. raw CVE count)
### Predictable cost
- No per-user cost
- No per-project/microservice tax
- No per-target/machine tax
- No surprise overages (add-ons are explicit and self-serve)
---
## 3) What every tier includes (no feature gating)
All tiers (including Free) include the full Stella Ops capability set:
### Release orchestration (nonK8s)
- Environments, promotions, approvals, rollbacks
- Templates and step graphs (sequential/parallel)
- UI visualization of deployments in progress (per-step logs)
- Deployment inventory view (“what is deployed where”)
### Deployment execution (nonK8s)
- Docker Compose deployments
- Scripted deployments (**.NET 10 scripting only**)
- Immutable generated deployment artifacts
- “Version sticker” written to deployment directory for traceability
- Support for replicas and controlled restarts/reloads (e.g., config update + nginx reload)
### Security & evidence
- Scan on build, gate on release, continuous re-evaluation on vuln intel updates
- Reachability + hybrid reachability
- Evidence packets and deterministic decision records (hashable, replayable)
- Exportable audit trail (for compliance, internal audit, incident reviews)
### Extensibility
- Plugin model for SCM/CI/registry/vault/agent providers
- Plugin-specific deployment steps supported by the workflow engine
### Operability
- **Doctor tooling** for self-service diagnostics (connectivity, agent health, configuration sanity, “why blocked?” traces)
---
## 4) Verified releases vs Unverified releases
Stella supports both operational styles.
### Verified releases (recommended for production)
A **Verified Release** is one where promotions require Stella evidence for each new digest:
- SBOM + reachability evidence
- policy evaluation records
- approval records (where required)
- exportable evidence packet
Verified releases are intended for teams that need “certifiable” releases and practical security.
### Unverified releases (CD-only usage)
Stella can also run “CD-only” workflows where evidence gates are bypassed:
- still orchestrated, logged, and visible
- useful for teams that want orchestration without security certification
**Note:** CD-only users are not the primary target audience for Stella Ops Suite. The product is optimized for verified releases and auditable security.
---
## 5) Pricing (OnPrem Suite)
**Annual billing:** pay annually and get **1 month free** (pay for 11 months).
> **Important:** All tiers have the same features. Only the scale limits and included support channels differ.
### 5.1 Stella Ops Suite tiers
| Tier | Monthly | Annual (11×) | Environments | New digests deepscanned / month | Deployment targets | Support |
|---|---:|---:|---:|---:|---:|---|
| **Free** | $0 | $0 | **10** | **1,000** | **Unlimited** | Self-service (Doctor) + community forum |
| **Plus** | **$199** | **$2,189** | **10** | **10,000** | **Unlimited** | Same as Free |
| **Pro** | **$599** | **$6,589** | **100** | **100,000** | **Unlimited** | Priority forum + **2 tickets/month** (typical response ~3 business days; best-effort) |
| **Business** | **$2,999** | **$32,989** | **1,000** | **1,000,000** | **Unlimited** | Priority forum + email channel + **20 tickets/month** (typical response ~24 hours; best-effort) + fair use |
### 5.2 Add-ons (self-serve)
| Add-on | Price | Notes |
|---|---:|---|
| **+10 support tickets** | **$249** | For bursts/incidents or expansion without tier change |
| **+10,000 new digest deep scans** | **$249** | Burst capacity (premium) |
---
## 6) Definitions and how metering works
### Environment
An **Environment** is a policy/config boundary (e.g., dev/stage/prod; region splits; customer isolation boundaries), with its own:
- policy profile
- targets/agents selection
- secrets/config bindings
- promotion rules
### Deployment target
A **Deployment Target** is any endpoint that can receive a deployment (Docker host group, script target via SSH/WinRM provider, etc.).
**Targets are unlimited in licensing**. Fair use applies only in extreme abuse scenarios.
### New digest deep scan
A **New Digest Deep Scan** occurs the first time Stella deeply analyzes a unique OCI digest to produce:
- SBOM
- reachability/hybrid reachability evidence
- vulnerability findings + verdict
- evidence references for gating and audit
#### What does NOT consume deep scan quota
- Re-deploying or promoting an already-scanned digest
- Re-evaluation when vulnerability intelligence updates (CVE feed updates); Stella re-computes risk using existing evidence
### Tickets
A **ticket** is a support request handled by maintainers via the paid ticket channel. For fast resolution, tickets require:
- a clear problem statement
- reproduction steps
- the **Doctor bundle** output (when applicable)
Tickets are designed to be bounded, so Stella can remain self-serve by default.
---
## 7) Fair use (Business tier)
Business tier includes very high scale limits and support capacity. To keep pricing predictable and sustainable, fair use applies to:
- vulnerability feed mirroring bandwidth and frequency (if mirroring is enabled)
- audit confirmation/verification traffic (if configured)
- excessive support ticket volume beyond included entitlements
- abusive automation patterns that intentionally generate excessive duplicate work
Fair use is intended to prevent abuse, not to penalize normal operational usage.
---
## 8) Why Stella pricing is simpler than typical alternatives
### The common pain with “legacy” stacks
Many release and security tools charge based on organizational and deployment complexity:
- per developer/committer
- per project/microservice
- per deployment target/machine
- per add-on module
That pricing becomes unpredictable as your architecture grows.
### Stellas approach
Stella is priced like infrastructure:
- **Scale with environments and new artifacts** (the two things that actually grow with your release and security footprint)
- Keep all features available at all tiers
- Keep adoption friction low for onprem teams
Stella is designed to replace (or reduce dependence on) a multi-tool stack:
- one tool for CD governance + evidence
- another tool for scanning
- plus “glue” for approvals, audit, and exceptions
---
## 9) Which tier is right for you?
### Free
Best for:
- startups and small teams
- evaluation in real workflows
- internal PoCs
- teams learning the verified-release model
### Plus ($199/month)
Best for:
- mid-size teams that want verified releases but do not want vendor support
- organizations that need a predictable monthly cost and onprem control
### Pro ($599/month)
Best for:
- teams operating many environments and high artifact churn
- those who want occasional maintainer help without a heavy support relationship
### Business ($2,999/month)
Best for:
- regulated and compliance-driven teams
- platform teams supporting multiple product groups
- customers who want best-effort response channels and bounded ticket entitlements
---
## 10) Commercial notes (OnPrem)
- License delivered as an onprem entitlement (offline-friendly where required)
- Includes product updates during the subscription term
- Customer is responsible for compute/storage required for scanning and evidence retention
- Support channel access depends on tier and ticket entitlements
---
_This document is intended as a customer-facing offer summary. Final terms and definitions may be refined in the Stella Ops subscription agreement._
Reference in New Issue View Git Blame Copy Permalink