Welcome to Sttor

Sttor is an intelligent code security platform that continuously scans your code, open‑source dependencies, container images, and cloud configurations to uncover critical risks in your stack. It helps your team find and fix vulnerabilities, misconfigurations, and compliance issues before they reach production.

With Sttor, you can automatically remediate issues, reduce false positives, and focus on the vulnerabilities that actually matter to your applications and business.

Get started with Sttor

• Connect your repositories and cloud accounts to start continuous scanning across code, dependencies, and infrastructure.
• Roll out Sttor to your team or organization with guided setup for workspaces, projects, and access control.
• Integrate Sttor into your CI/CD pipelines so every build and deployment is automatically checked for risk. ​

Introduction

Learn about DevSecOps, platform scope, and how Sttor is different

→

Getting Started

Create a tenant, set up your domain, and connect your repositories

→

Core Concepts

Understand tenants, scans, issues, severity, and SBOM lifecycle

→

Sttor Code

Scan code for SAST, SCA, secrets, IaC, and license compliance

→

Sttor Containers

Scan container images for vulnerabilities, secrets, and CIS benchmarks

→

Sttor Kubernetes

Manage Kubernetes posture, runtime detection, and access analysis

→

Reports & Compliance

Generate compliance reports for SOC 2, PCI DSS, NIST, and more

→

Administration

Manage users, roles, tenant settings, and platform configuration

→

Deployment Models

Learn about SaaS and on-premises deployment options

→

Integrations

Connect Sttor with GitHub, Slack, and other development tools

→