Service Tiers

Three tiers. One contract.

Start with CVE patches. Add architectural assurance when you need auditors satisfied. Add managed operations when you need us holding the pager.

OSSeva Patch

CVE remediation only.

Drop-in patched binaries for your EOL runtime, delivered quarterly or out-of-cycle for CVSS 9+ issues. Signed artifacts, repo manager integration, vulnerability disclosures.

  • Quarterly CVE patches for all covered versions
  • Signed artifacts (GPG + Sigstore)
  • Helm / Maven / OCI registry delivery
  • Vulnerability disclosure notifications
  • Version compatibility matrix
  • Architecture review (not included)
  • Compliance attestations (not included)
  • 24/7 managed operations (not included)
  • Incident response SLA (not included)

Most popular

OSSeva Assure

Patch + architecture + compliance.

Everything in Patch, plus an annual configuration and architecture review, version-upgrade planning, and the compliance documentation your auditors require.

  • Everything in Patch
  • Annual configuration & architecture audit
  • Version upgrade planning & roadmap
  • SOC 2 / HIPAA / PCI / ISO 27001 compliance evidence package
  • Pen-test validation summary
  • Reference architecture for your deployment
  • Named architecture consultant
  • 24/7 managed operations (not included)
  • Incident response SLA (not included)

OSSeva Operate

Full MSP. We hold the pager.

24/7 monitored operations, proactive incident management, and named senior engineers who know your system — with a 15-minute P1 SLA (OSSeva Operate) and quarterly business reviews.

  • Everything in Assure
  • 24/7 proactive monitoring & alerting
  • 15-minute P1 incident response SLA
  • Named senior engineer on your account
  • Runbook authoring and maintenance
  • Quarterly business reviews
  • On-call escalation to senior OSSeva engineers
  • Capacity planning & scaling support
  • Incident post-mortems & prevention

Need a one-off engagement?

Architecture audits, migration design, training, and hardening engagements are available as fixed-scope, fixed-fee professional services — without a recurring subscription.


Frequently asked questions

What is included in OSSeva Patch?

OSSeva Patch includes: CVE discovery and triage for all covered technologies, backported security patches to EOL versions, signed binary builds delivered via Docker/Helm/tarball, SHA-256 checksums, CVE attestation letters for each release, and a dedicated Slack channel with monthly patch release notifications.

What is the SLA for critical CVE patches?

For CVSS ≥ 9.0 (Critical), OSSeva targets patch delivery within 72 hours of vulnerability confirmation. For CVSS 7.0–8.9 (High), the SLA is 2 business weeks. Medium and low severity vulnerabilities are bundled into monthly patch releases. SLAs are contractually guaranteed and tied to the OSSeva Assure and Operate tiers.

What is OSSeva Assure?

OSSeva Assure is OSSeva Patch plus architectural assurance and compliance documentation. It includes everything in Patch, plus: compliance evidence matrices mapped to SOC 2, PCI DSS, HIPAA, ISO 27001, DORA, and FedRAMP controls; an architectural review of your deployment for security configuration gaps; and audit attestation letters signed by OSSeva's compliance team. Most customers in regulated industries (financial services, healthcare, government) start here.

What is OSSeva Operate?

OSSeva Operate is full managed operations on top of Assure. It adds: 24/7 incident response with defined P1/P2/P3 response SLAs, infrastructure monitoring and alerting, capacity planning and performance reviews, version upgrade planning, and optional on-call engineering coverage. It is designed for teams that want to treat their OSS infrastructure as managed rather than self-operated.

How is OSSeva priced?

OSSeva pricing is based on the technologies covered, the tier selected (Patch, Assure, or Operate), and the deployment scale. Unlike commercial vendors such as Broadcom Tanzu, OSSeva does not use per-core or per-socket licensing models. Pricing is scoped per engagement on a discovery call. Most customers see 60–80% cost savings compared to equivalent commercial support contracts.

What is the minimum contract term?

OSSeva engagements are structured as annual contracts, typically with a 12-month initial term. Multi-year commitments are available with pricing advantages. There is no trial period, but the discovery call and proposal process is scoped to ensure the engagement is a fit before any commitment.

Not sure which tier fits your team?

The discovery call is free and takes 45 minutes. We scope your coverage needs and recommend the right tier — no pressure to sign anything that day.