BUSL-1.1 (source-available)

Stella Ops Suite is source-available under BUSL-1.1. You can inspect, fork, and self-build the code. Official releases are signed and verifiable.

Free Tier (Evaluation Only)

Stella is free for evaluation and development: up to 3 environments and 999 scans per month. Production deployment requires a paid plan.

3 environments

999 scans/month

All features included

Ready for production? See our pricing plans.

Source Available

The Stella source code is available under BUSL-1.1. You can inspect, audit, and verify every line of code that runs in your environment.

  • Audit the code yourself
  • Build from source if needed
  • Plugin development and selling is permitted

License terms (practical summary)

  • Evaluation and development: free under BUSL-1.1 (up to 3 environments, 999 scans/month).
  • Production use: requires a paid license (Plus or Pro tier).
  • Change date: after 4 years, the code automatically transitions to Apache 2.0.

("Scan" = first-time deep scan of a new artifact digest. Re-deploying or promoting an already-scanned digest does not consume credits.)

Verify what you run

  • Cosign signatures: verify images and Offline Kit with /keys/cosign.pub.
  • Signed mail (PGP): roadmap and security notices are signed with fingerprint 9BCF 5D1D 6EA9 8F99 24F4 6071 B618 ABAF 7D23 C65D 7A86 77E8 2DE3 7815 6126 F723
  • DSSE evidence bundles: every scan can emit attestations for audit export and deterministic replay.
cosign verify \
  --key https://stella-ops.org/keys/cosign.pub \
  registry.stella-ops.org/stella-ops/stella-ops:<VERSION>

What you are licensing

Stella Ops Suite is a release control center for Docker images (non-Kubernetes estates):

  • SBOM generation + SBOM diff
  • Hybrid reachability (prove which CVEs are actually callable)
  • Audit review + signed evidence exports
  • Versioning / promotion governance across environments
  • A/B rollout, canary, rollback — digest-first, evidence-linked
How it works Features Evidence & audit Air-gap / sovereign

Tokens and verification

  • Optional token for pre-built images + managed updates: /register/
  • Verify downloads with published keys: /keys/
  • Security policy & disclosure: /security/

Procurement FAQ

Is BUSL-1.1 acceptable for enterprise procurement?

Yes. BUSL-1.1 is a widely-used source-available license adopted by companies like HashiCorp, MariaDB, and CockroachDB. It permits internal use, modification, and deployment without restrictions. The only limitation is offering Stella Ops as a competing hosted service. For most enterprise use cases (internal deployments, CI/CD pipelines, on-premises installations), BUSL-1.1 functions identically to permissive licenses.

Is source code escrow available?

Yes. Enterprise customers can request source code escrow arrangements through our standard escrow partners. Escrow release conditions typically include cessation of business, failure to maintain the product, or breach of support obligations. Contact sales@stella-ops.org for escrow terms and partner options.

What are the internal redistribution rules?

You may freely deploy Stella Ops across your organization, subsidiaries, and contractors working on your behalf. Internal redistribution includes: multiple data centers, cloud regions, development/staging/production environments, and air-gapped networks. Each environment consumes one environment slot from your tier. There are no per-seat or per-user fees—only environment and scan limits apply.

Do you provide procurement documentation?

Yes. We provide: security questionnaire responses (SIG, CAIQ), penetration test summaries, SBOM for our own releases, and custom legal exhibits as needed. SOC 2 Type II certification is on our roadmap. Contact sales@stella-ops.org with your requirements.

Plain-English summary. For the full legal terms, see the BUSL-1.1 text.

Request an access token See pricing