Core Concepts
This section explains the “mental model” of DevSecOps Bot by Sttor—how tenants, repos, scans, issues, SBOMs, and AI features fit together.
Tenant Model
A Tenant is the top-level boundary in the platform—think one tenant = one organization.
What a tenant includes:
- Users (admins + read-only users)
- Connected SCM integrations (today: GitHub; more later)
- Repositories and branches under that tenant
- Tenant-level settings (notifications, policies, data locations, etc.)
- Storage configuration (S3-compatible bucket for tenant artifacts)
Data Ownership & Storage
- Sttor does not store tenant source code.
- Scan outputs and platform artifacts are stored in your S3-compatible bucket (your storage boundary).
- Enterprise setups can use in-house hosting of the bucket and in-house scanners.