Platform Scope
DevSecOps Bot is designed to cover the full application security and cloud-native security surface.
Core Coverage Areas
1. Code Security (Sttor Code)
- SAST (static analysis)
- SCA (dependency & license analysis)
- Secrets detection
- Reachability analysis for vulnerable dependencies
- Language-specific rule engines (Java, Python, Go, Rust, etc.)
2. Infrastructure as Code (Sttor IaC)
- Terraform, OpenTofu, CloudFormation, CDK, Dockerfile, Kubernetes manifests
- Misconfiguration detection
- Policy-as-code enforcement
3. Containers (Sttor Containers)
- Image vulnerability scanning
- Base image risk detection
- OS & package vulnerabilities
- Image hardening guidance
4. Kubernetes Security (Sttor Kubernetes)
- Cluster configuration checks
- Workload security
- CIS Kubernetes Benchmark alignment
- Runtime-ready posture assessment
5. SBOM & Supply Chain (Sttor SBOM / Supply Chain)
- SBOM generation per branch, per build
- Dependency lineage and version tracking
- Supply-chain visibility across environments
6. License Compliance (Sttor License)
- License identification and classification
- Policy enforcement for licenses (Apache, MIT, AGPL, GPL, etc.)
- Risk visibility for commercial usage