stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
fa4a98dfef353e6065bb8daaa43c05943205fd49
git.stella-ops.org/LICENSE-ADDENDUM-COMMUNITY-PLUGIN-GRANT.md

188 lines
7.7 KiB
Markdown
Raw Blame History

# Additional Community Plugin Grant - StellaOps Addendum to BUSL-1.1
**Addendum Version:** 1.0.0
**Effective Date:** 2026-01-25
**Licensor:** stella-ops.org
This Addendum supplements the Business Source License 1.1 (BUSL-1.1) under which
Stella Ops Suite is licensed. Where this Addendum conflicts with BUSL-1.1, this
Addendum controls for the specific grants below.
---
## 1. Definitions
For purposes of this Addendum:
(a) **"Plugin"** means a separately packaged extension written to interface with the
Licensed Work using documented public plugin APIs or integration points published
by Licensor. A Plugin may include connectors, integrations, analyzers, formatters,
or other extensions that extend the Licensed Work's functionality without modifying
its core source code.
(b) **"Environment"** means an instance of the Licensed Work under the control of a
single legal entity (customer/organization) and deployed to a unique production
orchestration boundary. Examples include: a distinct on-premises cluster, a private
cloud tenant, or a named cloud account. For avoidance of doubt, dev/staging/production
deployments for the same organization each count as separate Environments.
(c) **"Scan"** means one completed execution of the Licensed Work's vulnerability or
artifact analysis pipeline that produces a report or SBOM/VEX output and is billed
or metered as a single unit by Licensor's published metrics. Cached or deduplicated
results that do not trigger new analysis do not count as additional Scans.
---
## 2. Community Plugin Grant
Notwithstanding anything to the contrary in BUSL-1.1, Licensor hereby grants each
Recipient a worldwide, non-exclusive, royalty-free license to:
(i) **Use, run, and reproduce** a Plugin in production solely for the Recipient's
internal business operations in up to **three (3) Environments**; and
(ii) **Perform up to nine hundred ninety-nine (999) Scans per calendar day** across
all such Environments.
This grant extends to modification and redistribution of the Plugin under the same
terms, provided redistribution is not packaged with a commercial managed hosting
offering in breach of Section 4 below.
**Commercial Plugin Development.** You may develop and sell Plugins commercially under
license terms of your choosing, provided:
- The Plugin does not include, copy, or modify the Licensed Work's source code; AND
- Distribution complies with Section 3 below.
---
## 3. Distribution & Attribution
Recipients may distribute Plugin source or binaries under the same license terms as
the Licensed Work (including this Addendum). Distributed copies must:
(a) **Retain conspicuous attribution** to Licensor, including the Licensor name and
a link to the Licensed Work's source repository;
(b) **Include this Addendum verbatim** alongside any distribution of the Licensed Work
or Plugins that incorporate portions of the Licensed Work;
(c) **Preserve the LICENSE and NOTICE files** from the original distribution.
**Competing Service Restriction.** Redistribution that embeds or repackages Licensor's
core runtime binaries into a commercial product that functions as a competing managed
service requires a separate commercial license from Licensor.
---
## 4. SaaS / Managed Offering Restriction
Recipients are **NOT** permitted to offer the Licensed Work or a Plugin (or a service
that substantially replicates the Licensed Work's core features) as a commercial hosted
service, SaaS, or managed/white-label hosting offering to third parties without a
separate written commercial license from Licensor.
This restriction applies whether the service is offered:
- Directly to end customers;
- Via a reseller or channel partner; or
- Embedded into a larger multi-tenant managed platform.
**Limited Exceptions:**
(a) **Internal Hosting.** An organization may host the Licensed Work internally for
its own employees, contractors, and affiliates without a commercial license,
subject to the Environment and Scan limits in Section 2.
(b) **MSP Single-Tenant Hosting.** A Managed Service Provider (MSP) may host distinct
single-tenant instances per customer only if:
- Each hosted instance is covered by the MSP's commercial license; OR
- The hosted instance remains fully isolated and used exclusively by the
licensee's employees and affiliates.
(c) **Public multi-tenant paid hosting** that provides the Licensed Work's functionality
to unrelated third parties is **prohibited** under this Addendum absent a commercial
license.
(d) **Non-Commercial Community Hosting.** Non-commercial, free-of-charge hosting for
community benefit (e.g., providing scanning services to open source projects) may
be permitted under a separate community program. Organizations wishing to provide
such services should contact Licensor at community@stella-ops.org for evaluation.
Approval is not automatic and is subject to Licensor's community program terms.
For detailed guidance on MSP and SaaS scenarios, see `docs/legal/SAAS_MSP_GUIDANCE.md`.
---
## 5. Enforcement & Telemetry
Licensor may reasonably audit or require self-reporting to verify compliance with the
Environment and Scan limits described in this Addendum.
**Audit Rights.** Licensor reserves the right to request compliance verification no
more than once per calendar year, with reasonable notice (minimum 30 days). Any audit
shall be:
- Conducted during normal business hours;
- Subject to standard confidentiality and data-protection safeguards; and
- Limited in scope to verification of Environment count and Scan volume.
**Voluntary Telemetry.** Licensor may provide an optional, privacy-respecting metering
endpoint for voluntary telemetry. Such telemetry:
- Is strictly opt-in;
- Collects only aggregate usage metrics (Environment count, Scan count);
- Does not collect customer content, source code, or scan results; and
- Is subject to Licensor's published privacy policy.
**Self-Attestation.** Recipients may provide annual self-attestation of compliance
using the form at `docs/legal/templates/self-attestation-form.md`.
---
## 6. Term & Upgrade
This Addendum applies to releases of the Licensed Work that include it. Licensor may
amend the numeric limits (Environments / Scans) by publishing a new Addendum version.
**Non-Retroactive Changes.** Such changes do not retroactively affect prior
distributions. Recipients using a version of the Licensed Work with an earlier
Addendum version may continue under those terms for that version.
**Version Identification.** Each Addendum version is identified by the version number
in the header. The applicable Addendum version for any distribution is the version
included with that distribution.
---
## 7. No Waiver of Other BUSL Rights
Except as explicitly modified by this Addendum, all terms of BUSL-1.1 remain in full
force and effect, including but not limited to:
- The Change Date and Change License provisions;
- The requirement to preserve license and attribution notices;
- The disclaimer of warranties and limitation of liability.
---
## 8. Legal & Compliance Notice
This Addendum is intended as a narrow community grant to encourage plugin ecosystems
while protecting Licensor's commercial SaaS market. It is not legal advice and should
be reviewed by counsel prior to publication or reliance.
**Governing Law.** This Addendum is governed by the same jurisdiction and governing
law provisions as the underlying BUSL-1.1 license.
**Severability.** If any provision of this Addendum is held unenforceable, the
remaining provisions continue in full force and effect.
---
## Change Log
| Version | Date | Notes |
|---------|------|-------|
| 1.0.0 | 2026-01-25 | Initial release of Community Plugin Grant Addendum. |
---
*Document maintained by: Legal + Security Guild*
*For questions: legal@stella-ops.org*
Reference in New Issue View Git Blame Copy Permalink