BUSL-1.1 (source-available)

Stella Ops Suite is source-available under BUSL-1.1. You can inspect, fork, and self-build the code. Official releases are signed and verifiable.

Product and licensing clarity

The commercial product on this site is Stella Ops Suite. The production licensing model is BUSL-1.1 plus the Additional Use Grant, with metering based on environments and new-digest deep scans.

  • Source availability: source is available for audit and self-build, but production use follows BUSL-1.1 terms.
  • Commercial tiers: Free, Plus, Pro, and Enterprise are defined on the pricing page and map to environment and scan limits.
  • Legacy naming: older docs that use "Stella Ops" without "Suite" are legacy references and are not the licensing source of truth.
  • Canonical pages: use License, Pricing, Install, and Verification Keys during procurement review.

Free Tier (Evaluation Only)

Stella is free for evaluation and development: up to 3 environments and 999 scans per month. Production deployment requires a paid plan.

3 environments

999 scans/month

All features included

Ready for production? See our pricing plans.

Source Available

The Stella source code is available under BUSL-1.1. You can inspect, audit, and verify every line of code that runs in your environment.

  • Audit the code yourself
  • Build from source if needed
  • Plugin development and selling is permitted

License terms (practical summary)

  • Evaluation and development: free under BUSL-1.1 (up to 3 environments, 999 scans/month).
  • Production use: requires a paid license (Plus or Pro tier).
  • Change date: after 4 years, the code automatically transitions to Apache 2.0.

("Scan" = first-time deep scan of a new artifact digest. Re-deploying or promoting an already-scanned digest does not consume credits.)

Verify what you run

  • Cosign (the Sigstore project's tool for signing and verifying container images and artifacts) signatures: verify images and Offline Kit with /keys/cosign.pub.
  • Signed mail (PGP): release and security notices are signed with fingerprint 9BCF 5D1D 6EA9 8F99 24F4 6071 B618 ABAF 7D23 C65D 7A86 77E8 2DE3 7815 6126 F723
  • DSSE (Dead Simple Signing Envelope, a simple, flexible standard for signing arbitrary data with cryptographic signatures) evidence bundles: every scan can emit attestations for audit export and deterministic replay.

cosign verify \
  --key https://stella-ops.org/keys/cosign.pub \
  registry.stella-ops.org/stella-ops/stella-ops:<VERSION>

What you are licensing

Stella Ops Suite is a release control center for Docker images (non-Kubernetes estates):

  • SBOM (Software Bill of Materials, a complete list of all packages and dependencies in your software) generation + SBOM diff
  • Hybrid reachability (prove which CVEs are actually callable)
  • Audit review + signed evidence exports
  • Versioning / promotion governance across environments
  • A/B rollout, canary, rollback — digest-first, evidence-linked

Tokens and verification

  • Optional token for pre-built images + managed updates: /register/
  • Verify downloads with published keys: /keys/
  • Security policy & disclosure: /security/

Procurement FAQ

Is BUSL-1.1 acceptable for enterprise procurement?

Yes. BUSL-1.1 is a widely used source-available license adopted by companies like HashiCorp, MariaDB, and CockroachDB. It permits internal use, modification, and deployment without restrictions. The only limitation is offering Stella Ops as a competing hosted service. For most enterprise use cases (internal deployments, CI/CD pipelines, on-premises installations), BUSL-1.1 functions identically to permissive licenses.

Is source code escrow available?

Yes. Enterprise customers can request source code escrow arrangements through our standard escrow partners. Escrow release conditions typically include cessation of business, failure to maintain the product, or breach of support obligations. Contact sales@stella-ops.org for escrow terms and partner options.

What are the internal redistribution rules?

You may freely deploy Stella Ops across your organization, subsidiaries, and contractors working on your behalf. Internal redistribution includes: multiple data centers, cloud regions, development/staging/production environments, and air-gapped networks. Each environment consumes one environment slot from your tier. There are no per-seat or per-user fees—only environment and scan limits apply.

Do you provide procurement documentation?

Yes. We provide: security questionnaire responses (SIG, CAIQ), penetration test summaries, SBOM for our own releases, and custom legal exhibits as needed. SOC 2 Type II certification is planned. Contact sales@stella-ops.org with your requirements.

Plain-English summary. For the full legal terms, see the BUSL-1.1 text.