Pricing for technical release control

One platform for policy gating, signed evidence, and non-Kubernetes release orchestration. Every tier includes full capabilities; pricing scales by environments and new-digest deep scans.

Need enterprise procurement terms, volume licensing, or legal exhibits? Talk to sales

Self-serve by default, with enterprise procurement and SLA terms available when needed.

Procurement proof anchors

Use these technical artifacts during security, compliance, and procurement review.

Evidence and Audit | Decision Capsule spec | Verification keys

60-second buying summary

  • Evaluate and internal pre-production scope → Free
  • First production rollout and steady releases → Plus
  • Multi-team or multi-region delivery at scale → Pro
  • Procurement-heavy or regulated programs → Enterprise

Availability today: Self-build from source is available now (free tier applies). Pre-built signed images and Offline Kit bundles require early-access onboarding. Enterprise support requires a paid plan (Plus or Pro).

Many teams pay separately for scanning, gating, and deployment tooling

Consolidate policy gating, signed evidence, and non-Kubernetes deployment control into one self-hosted release plane.

Stella Plus: $299/month for full platform capability

Model against your digest churn, environment count, and required support or SLA profile.

Plan tiers

Free

$0

  • 3 environments
  • 999 scans/month
  • → All features included
  • → Self-serve docs + Doctor diagnostics

Evaluation and development use (non-production)

POPULAR

Plus

$299

/month or $3,289/year

  • 33 environments
  • 9,999 scans/month
  • → All features included
  • → Self-serve docs + Doctor diagnostics

Typical production starting point

Pro

$999

/month or $10,989/year

  • 333 environments
  • 99,999 scans/month
  • → All features included
  • → Support $99/ticket

High-volume and multi-team operations

Enterprise

For regulated programs and procurement-heavy organizations

Custom
  • → Custom environments + scan volume
  • → Negotiated SLA + onboarding help
  • → Security/compliance pack + legal exhibits
  • → Dedicated support channel
Talk to sales

Annual billing option: pay for 11 months, receive 12 months of service

Enterprise terms

Add procurement-ready documentation, negotiated SLA targets, onboarding support, and legal exhibits as required.

Direct email: sales@stella-ops.org

After upgrade

  1. Production use is licensed under the selected tier.
  2. Environment and scan limits increase immediately.
  3. You can request signed pre-built images and managed update channels.
  4. Enterprise options cover SLA, procurement, and legal packaging.

Metering terms

Environment

A logical deployment boundary (for example: dev, staging, prod) with its own promotion history and policy state.

New-digest deep scan

A first-time deep analysis of a unique digest (SBOM, vulnerability, and reachability processing). Re-checking an already-seen digest does not consume additional deep-scan quota.

Doctor diagnostics

Self-serve diagnostic tooling built into Stella. Run stella doctor to check connectivity, permissions, registry access, and configuration issues.

Included in every tier

Release Orchestration

  • Environment management with promotion rules (an environment is a logical deployment target, e.g. dev, staging, prod, that tracks its own release history, promotion rules, and policy gates)
  • → Approval workflows (manual, automated, policy-gated)
  • → Rollback orchestration with evidence preservation
  • → Step graphs (sequential and parallel execution)
  • → Real-time deployment UI with per-step logs

Deployment Execution

  • → Docker Compose deployments
  • → Scripted deployments (.NET 10 scripting)
  • → SSH/WinRM remote deployment
  • → HashiCorp Vault + Consul integration
  • Unlimited deployment targets

Security decision evidence

  • → Reachability-aware risk analysis
  • → Signed Decision Capsules (immutable and replayable)
  • → Deterministic decision records
  • → Exportable audit evidence
  • → Traceable policy rationale for block/warn/allow

Extensibility

  • → Plugin model for SCM, CI, registry, vault
  • → Workflow engine with plugin-specific steps
  • → Doctor tooling for self-service diagnostics
  • → Offline-friendly licensing (air-gap supported)
  • → Regional crypto: FIPS-aligned (Federal Information Processing Standards, U.S. government cryptographic standards for secure systems), GOST (Russian national cryptographic standards, GOST R 34.10/34.11, required for government systems), SM2 (Chinese national public key cryptography standard, part of the ShangMi suite, required for regulated industries)

Support model

Most teams use documentation plus built-in diagnostics. Enterprise terms add contractual support channels and response targets.

Self-Serve

Free / Plus

  • → Documentation and guides
  • → Community discussions
  • → Doctor self-diagnostics
  • → In-app troubleshooting

Limited Tickets

Pro (by request)

  • → Up to 5 tickets/month
  • → 48-hour response target
  • → Email support channel
  • → Doctor logs review

Enterprise

Custom terms

  • → Negotiated SLA
  • → Dedicated support channel
  • → Priority escalation
  • → Procurement documentation

Doctor Self-Diagnostics

Run stella doctor to diagnose connectivity, permissions, registry access, configuration issues, and license status. Most problems are resolved without a support ticket.

Procurement and legal FAQ

Common questions from security, legal, and procurement stakeholders.

Do you provide security questionnaires and compliance documentation?

Yes. We provide a Security & Compliance Pack with questionnaire responses (SIG/CAIQ), architecture notes, crypto profiles, and verification steps. Request the pack here.

Can you support purchase orders, invoices, and legal exhibits?

Yes. We can provide PO/invoice terms, DPAs, and procurement exhibits as needed.

Are enterprise SLAs and source escrow available?

Yes. Enterprise terms can include negotiated SLAs and source code escrow. Contact sales@stella-ops.org to discuss.

How deep-scan quota is consumed

A new digest deep scan occurs when Stella analyzes a digest for the first time and produces SBOM, vulnerability, and reachability evidence.

Does NOT consume credits:

  • → Re-deploying an already-scanned digest
  • → Promoting an already-scanned digest
  • → Re-evaluation on CVE/vuln intel updates (CVE: Common Vulnerabilities and Exposures, a unique identifier for a publicly known security vulnerability)
  • → Querying existing Decision Capsules

Consumes 1 credit:

  • → First scan of a new artifact digest
  • → Credits reset monthly
  • → Burst within month is OK

Capacity add-ons

+10,000 additional new-digest deep scans

$499

Short-term capacity for release spikes, migrations, or major intake windows.

Output artifact: Decision Capsule

Terminal
$ stella export decision-capsule --artifact sha256:abc123...
{
  "artifact": "sha256:abc123def456...",
  "sbom": "sha256:sbom789...",
  "reachability": {
    "total_cves": 487,
    "reachable": 12,
    "proof": "sha256:reach456..."
  },
  "policy": {
    "version": "sha256:policy123...",
    "verdict": "ALLOW"
  },
  "approvals": [
    {"user": "jsmith", "signature": "..."}
  ],
  "timestamp": "2025-01-15T14:32:00Z",
  "dsse_signature": "..."
}

Each Decision Capsule is DSSE-signed and replayable later via stella replay.

Architecture-level comparisons

Compare Stella with adjacent tools on objective criteria: deployment model, evidence model, replayability, offline capability, and policy model.

Validate fit on free tier, then scale by digest volume

Need help sizing your plan? hello@stella-ops.org