CI vs Posture vs Runtime

DevSecOps Bot by Sttor spans multiple security “moments”.

CI (Shift-left)

  • Scans on every PR and push
  • Best for preventing new risk from being merged
  • Supports automation (gates, checks, AI AutoFix suggestions)
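The CI "gate" idea above, as an added example that is not Sttor's code: a small check that reads a scan report and fails the pipeline when any finding is at or above a chosen severity. The report layout (`findings` with `severity`, `rule`, `file`) and the sample findings are constructed for the example; a real pipeline would load the scanner's own output instead.

```python
import sys

# Constructed sample scan output (simplified, not real tool output).
SAMPLE_REPORT = {
    "findings": [
        {"id": "F-1", "severity": "critical", "file": "app/db.py", "rule": "hardcoded-secret"},
        {"id": "F-2", "severity": "medium", "file": "app/util.py", "rule": "weak-hash"},
        {"id": "F-3", "severity": "high", "file": "Dockerfile", "rule": "runs-as-root"},
    ]
}

# Higher rank means more severe; unknown severities rank 0 and never block.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def failing_findings(report, fail_on="high"):
    """Return the findings whose severity is at or above the fail_on threshold."""
    threshold = SEVERITY_RANK[fail_on.lower()]
    return [
        f for f in report["findings"]
        if SEVERITY_RANK.get(f["severity"].lower(), 0) >= threshold
    ]


def gate(report, fail_on="high"):
    """Return (passed, blocking_findings); passed is True only when nothing blocks."""
    blocking = failing_findings(report, fail_on)
    return (len(blocking) == 0, blocking)


def main(argv):
    # Threshold comes from the first CLI argument, defaulting to "high".
    fail_on = argv[1] if len(argv) > 1 else "high"
    passed, blocking = gate(SAMPLE_REPORT, fail_on)
    for f in blocking:
        print(f"BLOCK {f['severity'].upper()} {f['rule']} in {f['file']} ({f['id']})")
    print("gate passed" if passed else f"gate failed: {len(blocking)} blocking finding(s)")
    # A non-zero exit status is what makes the CI step (and the PR check) fail.
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python gate.py critical` to block only on criticals, or with no argument to block on high and above; the exit status is what the CI system turns into a red check on the PR.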

Posture (Continuous)

  • Ongoing view of repo/branch/container/K8s posture
  • Detects drift in risk over time (new issues, unresolved criticals, compliance readiness)
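The "drift in risk over time" view, as an added example that is not Sttor's code: given two posture snapshots of the same repo taken on different dates, it lists findings that are new, findings that were resolved, and criticals that have stayed open past an SLA. The snapshot format, the dates and the 14-day SLA are all constructed assumptions for the example.

```python
from datetime import date

# Constructed snapshots of one repo's open findings on two dates (not real data).
SNAPSHOT_T0 = {
    "date": "2024-05-01",
    "findings": {
        "F-1": {"severity": "critical", "first_seen": "2024-04-20"},
        "F-2": {"severity": "medium", "first_seen": "2024-04-28"},
    },
}
SNAPSHOT_T1 = {
    "date": "2024-05-15",
    "findings": {
        "F-1": {"severity": "critical", "first_seen": "2024-04-20"},  # still open
        "F-3": {"severity": "high", "first_seen": "2024-05-10"},      # appeared since T0
    },
}


def posture_drift(prev, curr, critical_sla_days=14):
    """Compare two snapshots and report new, resolved, and overdue-critical findings."""
    prev_ids = set(prev["findings"])
    curr_ids = set(curr["findings"])
    as_of = date.fromisoformat(curr["date"])

    # Criticals present in both snapshots whose age exceeds the SLA are "unresolved criticals".
    overdue = []
    for fid in sorted(prev_ids & curr_ids):
        f = curr["findings"][fid]
        if f["severity"] == "critical":
            age_days = (as_of - date.fromisoformat(f["first_seen"])).days
            if age_days > critical_sla_days:
                overdue.append((fid, age_days))

    return {
        "new": sorted(curr_ids - prev_ids),
        "resolved": sorted(prev_ids - curr_ids),
        "overdue_critical": overdue,
    }


if __name__ == "__main__":
    drift = posture_drift(SNAPSHOT_T0, SNAPSHOT_T1)
    print("new:", drift["new"])
    print("resolved:", drift["resolved"])
    for fid, age in drift["overdue_critical"]:
        print(f"OVERDUE critical {fid}: open for {age} days")
```

Keyed on a stable finding id, the comparison is cheap to run on every scheduled scan, and the "overdue critical" list is the signal a compliance-readiness view would surface.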

Runtime (Where Applicable)

  • Kubernetes posture/runtime detection concepts live here
  • Focus is detecting misconfigurations, risky access, and cluster-level issues after deploy
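The kind of post-deploy misconfiguration check the runtime view is about, as an added example that is not Sttor's code: it inspects a Pod object (already parsed into a dict, the shape `kubectl get pod -o json` produces) for host namespace sharing, an automounted service account token, privileged containers, missing `runAsNonRoot`, allowed privilege escalation, and capabilities not dropped. The Pod manifest is constructed for the example; the field names are the standard Kubernetes ones.

```python
# Constructed Pod object with one poorly configured and one hardened container (not a real workload).
POD = {
    "kind": "Pod",
    "metadata": {"name": "demo", "namespace": "default"},
    "spec": {
        "hostNetwork": True,
        "containers": [
            {"name": "app", "image": "example/app:1.0",
             "securityContext": {"privileged": True}},
            {"name": "sidecar", "image": "example/side:1.0",
             "securityContext": {"runAsNonRoot": True,
                                 "allowPrivilegeEscalation": False,
                                 "capabilities": {"drop": ["ALL"]}}},
        ],
    },
}


def check_pod(pod):
    """Return (subject, check, message) tuples for each misconfiguration found."""
    findings = []
    spec = pod.get("spec", {})
    meta = pod.get("metadata", {})
    name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"

    # Pod-level: sharing host namespaces exposes the node's network, processes or IPC.
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append((name, key, f"{key} is enabled"))

    # Pod-level: the default is to mount a service account token into every container.
    if spec.get("automountServiceAccountToken", True):
        findings.append((name, "automountServiceAccountToken",
                         "service account token is automounted"))

    # Container-level checks on the securityContext.
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        cname = f"{name}:{c.get('name', '?')}"
        if sc.get("privileged"):
            findings.append((cname, "privileged", "container runs privileged"))
        if not sc.get("runAsNonRoot"):
            findings.append((cname, "runAsNonRoot", "runAsNonRoot is not set"))
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((cname, "allowPrivilegeEscalation",
                             "privilege escalation is allowed"))
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append((cname, "capabilities", "does not drop ALL capabilities"))
    return findings


if __name__ == "__main__":
    for subject, check, message in check_pod(POD):
        print(f"{subject}\t{check}\t{message}")
```

Running the same check over every Pod in a cluster on a schedule is what turns it from a one-off audit into the ongoing runtime posture the page describes.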