Development Roadmap

Stella Ops has completed its architecture and core development phase. We're now hardening for beta release in Q2 2026, with general availability planned for Q4 2026.

Done

Architecture

Done

Development

Q2 2026

Public Beta

Q4 2026

GA Release

Architecture & Planning

Completed 2024

  • System architecture — 40+ microservices designed with deterministic SBOM-first approach
  • Documentation — Comprehensive architecture dossiers, API specs, and operational runbooks
  • Security model — DSSE signing, transparency logs, sovereign crypto profiles defined
  • Plugin framework — Restart-time discovery for scanners, analyzers, and connectors

Core Development

Completed 2025

All core services are built and running in internal testing. Current internal release: 2025.10.0

Scanning & Evidence

  • Scanner — Layer-by-layer SBOM generation with delta caching
  • Analyzers — Java, Node.js, Python, Go, .NET, Rust, Ruby, PHP
  • Formats — CycloneDX 1.6, SPDX 3.0.1, Trivy-JSON
  • Lock validators — npm/yarn/pnpm, pip/poetry, Maven/Gradle

Advisory & VEX

  • Concelier — 30+ advisory feeds with signed snapshots
  • Excititor — OpenVEX, CSAF, CycloneDX VEX ingestion
  • VEX Lens — Consensus computation with conflict tracking
  • Advisory AI — LLM-driven summaries and remediation hints

Policy & Decisions

  • Policy Engine — Stella DSL with lattice evaluation
  • Scheduler — Delta detection and re-evaluation
  • Explain traces — Full audit trails for every decision

Cryptographic Chain

  • Authority — OIDC/OAuth2 with DPoP/mTLS binding
  • Signer — DSSE envelopes with KMS/HSM backends
  • Attestor — Rekor integration and Merkle proofs

Runtime & Enforcement

  • Zastava — K8s admission webhooks and DaemonSet
  • Notifier — Slack, Teams, email, webhook alerts
  • Drift detection — Automatic rescans on posture change

Interfaces

  • Console UI — Angular 17 with real-time dashboards
  • CLI — Native AOT binary for all operations
  • API — REST + SSE with quota headers

Hardening & Testing

Q4 2025 — Q1 2026

  • Performance tuning — Benchmark SLOs across all services
  • Security audit — Third-party review of crypto chain and policy engine
  • Determinism testing — Cross-environment replay verification
  • Offline Kit validation — Air-gap deployment in sovereign environments
  • Documentation polish — User guides, tutorials, and API references
  • Early adopter program — Invite-only access for feedback
β

Public Beta

Q2 2026

  • Public container images — Signed releases on public registries
  • Free tier activation — 33 anonymous / 333 with token
  • Helm charts — Production-ready Kubernetes deployment
  • OPA/Rego support — Advanced policy rules alongside Stella DSL
  • Reachability DSSE — Graph-level signatures for reachability proofs
  • Community feedback — Open issue tracker and discussion forums
1.0

General Availability

Q4 2026

  • SLSA L3 provenance — Full supply-chain attestation
  • LDAP/AD SSO — Enterprise identity integration
  • Sovereign crypto profiles — FIPS, GOST, SM2, eIDAS, PQC production-ready
  • 24-month LTS — Long-term support commitment
  • Enterprise add-ons — HA clustering, priority support, custom crypto adapters
  • Plugin marketplace — Community-contributed scanners and connectors

What's already built

The complete Stella Ops platform is implemented and running in internal testing:

Scanner
Concelier
Excititor
Policy Engine
Authority
Signer
Attestor
Scheduler
Zastava
Notifier
Console UI
CLI
Advisory AI
Offline Kit
Graph
Registry

40+ services, 7 language analyzers, 30+ advisory connectors, and comprehensive documentation are complete.

Explore capabilities   Get notified at beta