diff --git a/docs/understanding-bigbang/licensing-model.md b/docs/understanding-bigbang/licensing-model.md index 1291b8278dc890400a7cd3497256ac598fdf8a4a..8caf624e9359ea9858d153c3f96b9374a48f78f3 100644 --- a/docs/understanding-bigbang/licensing-model.md +++ b/docs/understanding-bigbang/licensing-model.md 
@@ -46,7 +46,7 @@ Licensing of products deployable by BigBang are not covered by the BigBang team. | Kyverno | Policy Enforcement (Core App) | Apache License 2.0 (Free/OSS) | * Kyverno is a fully open-source product, however there are [multiple companies](https://kyverno.io/support/) which provide paid support services for it. | | Istio Controlplane, Istio Operator, and Kiali | Service Mesh, Operator, and Service Mesh Dashboard (Core App) | Apache License 2.0 (Free/OSS) | * [Tetrate](https://www.tetrate.io/) is an Istio Vendor that can offer commercial support. | | Jaeger | APM (Application Performance Monitoring) / Tracing (Core App) | Apache License 2.0 (Free/OSS) | | -| Prometheus Operator Stack (Prometheus, Grafana, AlertManager, etc.) | Metrics, Metrics Dashboard, and Alerts (Core App) | Apache License 2.0 [Future versions will move to GNU Affero GPL v3](https://grafana.com/blog/2021/04/20/grafana-loki-tempo-relicensing-to-agplv3/) (Free/OSS) | | +| Prometheus Operator Stack (Prometheus, Grafana, AlertManager, Loki, etc.) | Metrics, Metrics Dashboard, and Alerts (Core App) | GNU Affero General Public License v3.0 | | | Fluentbit | Log Shipper (Core App) | Apache License 2.0 (Free/OSS) | | | ECK (Elastic Cloud on Kubernetes) (ElasticSearch and Kibana) | Log Storage and Log Dashboard (Core App) | [Elastic License](https://github.com/elastic/cloud-on-k8s/blob/master/LICENSE.txt) (Freemium) | **Enterprise features of note:** Kibana SSO, authn, authz, FIPS 140-2 mode, audit logging require an enterprise tier license. **Free tier notes:** BigBang's Authservice/Authentication Proxy could be put in front of Kibana to achieve basic SSO with all or nothing access. PartyBus uses licensed ElasticSearch <https://www.elastic.co/subscriptions> [licensing](package-architecture/elasticsearch-kibana.md#licensing) | | Cluster Auditor | Collects OPA GK events and sends them to ElasticSearch for Review (Core App) | Apache License 2.0 (Free/OSS) | | 
@@ -61,3 +61,5 @@ Licensing of products deployable by BigBang are not covered by the BigBang team. | Gitlab, Gitlab Runners | GitRepo, Container Registry, and CICD Software Factory (AddOn App) | Gitlab Community Edition: MIT Expat license Gitlab Enterprise Edition: (multiple tiers) | **Premium features of note:** Release Controls, Project Management **Ultimate features of note:** Unlimited Guest Users, Advanced Security Testing (Note this functionality comes from container images that may not yet be in IronBank) **Free tier notes:** Free tier is fine for Proof of Concepts, but the Release Controls in Premium tier contain security controls that would be necessary for a cATO pipeline. PartyBus has multiple instances of Gitlab, most use Premium, a few use Ultimate. PartyBus's Gitlab pipelines integrate with additional licensed apps: Twistlock, Anchore, [Fortify](https://repo1.dso.mil/platform-one/big-bang/apps/third-party/fortify), [SD Elements](https://www.securitycompass.com/sdelements/), and others. (This is offered as a data point, it doesn't mean these are required for a cATO pipeline, the Consumer of BigBang's AO makes that call.) <https://about.gitlab.com/pricing/#self-managed> <https://gitlab.com/gitlab-org/gitlab-foss/-/tree/master#editions> | | SonarQube Community Edition | Static Code Analysis (AddOn App) | SonarQube CE: GNU Lesser GPL License v3 (Community Edition is Free/OSS) | An Enterprise Edition Exists, but is not bundled by BigBang | | Anchore Enterprise Edition* | Vulnerability Scanner (AddOn App) | Anchore Enterprise Edition (Paid/Licensed) Anchore OpenSource Edition Apache License 2.0 (Free/OSS) | **Licensed features of note:** Proprietary Vulnerability Data Feeds for increased accuracy, NIST 800-190, Docker CIS Compliance, DoD container Policy Compliance, cATO Capable, RBAC, SSO **Free tier notes:** BigBang's values file can be set to deploy the OSS version for Proof of Concept deployments. 
PartyBus and other Platform One services use the licensed version <https://docs.anchore.com/3.0/docs/faq/#2> <https://anchore.com/pricing/> [licensing](package-architecture/anchore.md#licensing) <https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#adding-enterprise-components> | +| Vault | Secret management (AddOn App) | Mozilla Public License 2.0 | | +| Metrics Server | Scalable, efficient source of container resource metrics. (AddOn App) | Apache License 2.0 | | \ No newline at end of file
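Review bot: In the first hunk (`@@ -46,7 +46,7 @@`), the new license cell for the Prometheus Operator Stack row assigns a single license, `GNU Affero General Public License v3.0`, to every component listed (Prometheus, Grafana, AlertManager, Loki). The removed cell gave Apache License 2.0 as the current license and linked a relicensing announcement whose URL names only Grafana, Loki and Tempo. Please list the license per component, or split the row, so that consumers doing license review are not told the whole stack is AGPL. The change also drops the `(Free/OSS)` tag that the neighbouring rows carry and removes the only reference link for the relicensing. Keeping both would keep the row consistent and verifiable. Last, Loki is added to the component list but the function column still reads "Metrics, Metrics Dashboard, and Alerts", so update that cell if Loki belongs in this row.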
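Review bot: In the second hunk (`@@ -61,3 +61,5 @@`), the added Vault and Metrics Server rows give a bare license name (`Mozilla Public License 2.0`, `Apache License 2.0`) without the `(Free/OSS)` or `(Paid/Licensed)` classification that the other rows in this table use. Please add it so readers can tell at a glance whether a purchase is involved. The notes column is empty for Vault. If a paid edition exists that BigBang does not bundle, say so the way the SonarQube row does ("An Enterprise Edition Exists, but is not bundled by BigBang"). The Metrics Server function cell is a full sentence with a trailing period, whereas the other rows use short labels such as "Static Code Analysis (AddOn App)". The file also now ends without a trailing newline (`\ No newline at end of file`), so please add one.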