What Sttor Code Scans
Sttor Code focuses on security and compliance signals that come directly from your repositories:
SAST (Application Security)
Insecure code patterns and risky data flows (language-aware).
SCA (Dependencies)
Vulnerable third-party libraries and transitive dependency risk (including reachability when available).
Secrets Detection
Accidental credentials and tokens committed in code.
IaC Security (when enabled in Sttor Code scope)
Misconfigurations in Terraform, OpenTofu, Kubernetes manifests, Dockerfiles, and similar infrastructure definitions.
License Compliance (when enabled in Sttor Code scope)
License identification and policy checks (e.g., Apache, MIT, GPL/AGPL).
SBOM (Branch-level)
SBOM generated per branch for traceability and reporting.
Reports (Planned/Expanding)
Mappings from findings to controls in SOC 2, PCI DSS, the RBI framework, and NIST.
NOTE: Today Sttor Code supports GitHub. Bitbucket and GitLab support are planned.