Release control plane for non-Kubernetes estates

Release control plane with digest-first policy and replayable proof

Stella Ops turns SBOM, reachability, VEX, and approvals into digest-first promotion decisions for non-Kubernetes estates, so teams review fewer reachable CVEs, replay verdicts deterministically, and verify audits by signature.

Built for technical teams under audit pressure

Self-hosted | Non-Kubernetes first | Replayable evidence | Air-gap ready
Run now: self-build from source on the free tier (evaluation/dev). Optional early access: pre-built signed images + managed updates via access token. Production path available now: Plus/Pro plans, enterprise terms on request.

Proof anchors

Each claim links to inspectable evidence artifacts, replay workflow, and specification docs.

Validation notes from technical pilots

Named case studies are not yet public. Until then, we publish reproducible pilot patterns and the exact artifacts used for independent verification.

Pilot scope pattern: 6-12 services, mixed Linux and Windows targets, promotion gates enforced on immutable digests.

Observed signal pattern: reachability and VEX filtering reduce manual triage volume before security review.

Observed audit pattern: teams switch from timeline reconstruction to signature and replay verification.

What technical buyers get

Ship safely

Prioritize reachable CVEs before promotion so triage focuses on exploitable risk.

Know why

Inspect exact gate inputs and rationale: SBOM, reachable CVEs, policy snapshot, and approvals.

Prove it

Export a signed Decision Capsule, verify it offline, and reduce audit prep from timeline reconstruction to signature and replay checks.

Core Mechanisms

Every Decision is Auditable

  • Decision Capsules — every promotion is a signed, exportable evidence bundle
  • Deterministic Replay — re-run any decision with frozen inputs, get bit-for-bit identical output
  • Offline Verification — auditors validate signatures and replay without network access

Terminal
$ stella promote api:v2.1.0 --env staging
✓ Scanning SBOM (sha256:a1b2c3d4...)
✓ Reachability analysis — 3 CVEs filtered
✓ Policy evaluation — PASS
→ Decision Capsule: capsule-2025-01-28-a7f3.json
Signed with key: stella-prod-2025 (cosign)

Every promotion generates a signed Decision Capsule

Explore a real Decision Capsule

Download an example capsule, verify signatures, and replay the decision locally.

Includes: SBOM (CycloneDX), reachability proof, policy evaluation, mock approvals, signature + public key.

From evaluation to production

A clear path from first scan to enterprise rollout.

  1. Evaluate

    Self-build from source. Scan your first digest. Export your first Decision Capsule. Free tier: 3 environments, 999 scans/month.

  2. Pilot

    Optional: request an access token for signed images and managed updates. Define your promotion graph. Run your first policy-gated release.

  3. Production

    Upgrade to Plus or Pro for production use. Scale environments and scan volume. Enable enterprise procurement support as needed.

How it works

Try It: Example Decision Capsule

Download a sanitized example capsule to explore the structure and run verification commands locally.

Five steps — from connect to proof

  1. Connect

    Link registries, CI, and targets. Track releases by immutable digests.

  2. Analyze

    Analyze SBOM, reachability, and VEX inputs, then bind the result to the release digest.

  3. Gate

    Evaluate policy against evidence (including reachability) at each environment boundary.

  4. Deploy

    Execute agentless deployments — canary, rolling, blue-green — with safe rollback.

  5. Prove

    Export a signed Decision Capsule — replayable, verifiable, audit-ready.

Contains: SBOM, reachability proof, policy snapshot, mock approvals. Signature + public key included for local verification.
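
The replay idea behind the Analyze, Gate and Prove steps and the "Deterministic Replay" bullet, as an added example (not Stella Ops code and not its capsule format). The capsule layout, field names and policy keys are hypothetical, the CVE IDs and artifact digest are constructed placeholders, and signature checking is left out.

```python
import hashlib, json

def canonical(obj):
    # Deterministic bytes: sorted keys and fixed separators, so equal data hashes equally.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def digest(obj):
    return "sha256:" + hashlib.sha256(canonical(obj)).hexdigest()

def evaluate(inputs):
    # Pure gate: the verdict depends only on the frozen inputs (no clock, no network).
    policy = inputs["policy"]
    not_affected = {v["cve"] for v in inputs["vex"] if v["status"] == "not_affected"}
    blocking = sorted(
        f["cve"] for f in inputs["findings"]
        if f["reachable"] and f["cve"] not in not_affected
        and f["severity"] in policy["block_severities"])
    approved = len(set(inputs["approvals"])) >= policy["min_approvals"]
    return {"artifact": inputs["artifact"], "blocking": blocking,
            "verdict": "PASS" if approved and not blocking else "FAIL"}

def make_capsule(inputs):
    # Hypothetical capsule: frozen inputs, the verdict, and a digest over each.
    result = evaluate(inputs)
    return {"inputs": inputs, "inputs_digest": digest(inputs),
            "result": result, "result_digest": digest(result)}

def replay(capsule):
    # Returns a list of problems; an empty list means the decision reproduces exactly.
    problems = []
    if digest(capsule["inputs"]) != capsule["inputs_digest"]:
        problems.append("inputs changed since the decision was recorded")
    if canonical(evaluate(capsule["inputs"])) != canonical(capsule["result"]):
        problems.append("replayed verdict differs from recorded verdict")
    if digest(capsule["result"]) != capsule["result_digest"]:
        problems.append("recorded result does not match its digest")
    return problems

# Constructed sample inputs (placeholder digest and CVE IDs, not real data).
SAMPLE = {
    "artifact": "sha256:" + "0" * 64,
    "findings": [
        {"cve": "CVE-0000-0001", "severity": "high", "reachable": False},
        {"cve": "CVE-0000-0002", "severity": "critical", "reachable": True},
        {"cve": "CVE-0000-0003", "severity": "low", "reachable": True},
    ],
    "vex": [{"cve": "CVE-0000-0002", "status": "not_affected"}],
    "policy": {"block_severities": ["critical", "high"], "min_approvals": 1},
    "approvals": ["alice"],
}
```

In a signed capsule the signature would cover these digests, so a replay check like this one only means something after the signature has been verified against a trusted public key.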

Run your first verified promotion

Free tier: 3 environments, 999 scans/month
