Custom policies

Custom policies are supported for rules where governance matters most (especially licenses and high-risk vulnerabilities). Policy metadata (block/warn/report) can be attached to rule IDs and applied consistently across PR and branch scans.

Examples

  • Block PR if LICENSE-0002 (AGPL) is introduced
  • Mark PACKAGE-0001 as “block” only when severity ≥ High and EPSS ≥ threshold
  • Treat certain secrets rules as always-block for protected branches
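To make the semantics of the three examples concrete, here is a small policy evaluator written for this page; it is not the product's own configuration format or code. It assumes a hypothetical policy schema (an action that applies when the rule's conditions hold, an `otherwise` action when they do not), a constructed EPSS threshold of 0.5, constructed protected-branch names, and a placeholder rule id `SECRET-XXXX` standing in for whichever secrets rules are chosen. The strongest action across all findings decides the outcome of the scan.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Sequence, Tuple

# Ordering used to compare severities and to pick the strongest action.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
ACTION_RANK = {"report": 1, "warn": 2, "block": 3}


@dataclass(frozen=True)
class Finding:
    """One result from a PR or branch scan (constructed for this example)."""
    rule_id: str
    severity: str = "low"
    epss: float = 0.0  # EPSS probability in [0, 1]; relevant to vulnerability rules only


@dataclass(frozen=True)
class Policy:
    """Policy metadata attached to one rule id (hypothetical schema)."""
    rule_id: str
    action: str                          # block | warn | report, applied when conditions hold
    min_severity: Optional[str] = None   # "high" means severity >= High
    min_epss: Optional[float] = None     # 0.5 means EPSS >= 0.5
    protected_branches_only: bool = False
    otherwise: str = "report"            # action when any condition is not met

    def __post_init__(self) -> None:
        for a in (self.action, self.otherwise):
            if a not in ACTION_RANK:
                raise ValueError(f"unknown action {a!r}")
        if self.min_severity is not None and self.min_severity not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {self.min_severity!r}")


def conditions_hold(policy: Policy, finding: Finding, branch: str, protected: FrozenSet[str]) -> bool:
    """True when every condition attached to the policy is satisfied by this finding."""
    if policy.min_severity is not None:
        if SEVERITY_RANK.get(finding.severity.lower(), 0) < SEVERITY_RANK[policy.min_severity]:
            return False
    if policy.min_epss is not None and finding.epss < policy.min_epss:
        return False
    if policy.protected_branches_only and branch not in protected:
        return False
    return True


def decide(finding: Finding, policies: Dict[str, Policy], branch: str, protected: FrozenSet[str]) -> str:
    """Action for a single finding: the rule's policy if one exists, else plain reporting."""
    policy = policies.get(finding.rule_id)
    if policy is None:
        return "report"  # no custom policy: surface the finding without gating the PR
    return policy.action if conditions_hold(policy, finding, branch, protected) else policy.otherwise


def evaluate_scan(findings: Sequence[Finding], policies: Dict[str, Policy], branch: str,
                  protected: FrozenSet[str] = frozenset()) -> Tuple[str, List[Tuple[str, str]]]:
    """Per-finding decisions plus the overall outcome (strongest action wins)."""
    decisions = [(f.rule_id, decide(f, policies, branch, protected)) for f in findings]
    overall = max((a for _, a in decisions), key=ACTION_RANK.__getitem__, default="report")
    return overall, decisions


# Constructed policies mirroring the three examples above. The EPSS threshold,
# the branch names and the SECRET-XXXX rule id are placeholders, not values from the page.
EXAMPLE_POLICIES = {p.rule_id: p for p in [
    Policy("LICENSE-0002", action="block"),                                   # AGPL introduced
    Policy("PACKAGE-0001", action="block", min_severity="high", min_epss=0.5, otherwise="warn"),
    Policy("SECRET-XXXX", action="block", protected_branches_only=True, otherwise="warn"),
]}
PROTECTED = frozenset({"main", "release"})

if __name__ == "__main__":
    # Constructed PR scan against a feature branch.
    scan = [
        Finding("LICENSE-0002"),
        Finding("PACKAGE-0001", severity="high", epss=0.12),
        Finding("SECRET-XXXX"),
        Finding("PACKAGE-0002", severity="low"),
    ]
    overall, decisions = evaluate_scan(scan, EXAMPLE_POLICIES, "feature/x", PROTECTED)
    for rule_id, action in decisions:
        print(f"{rule_id}: {action}")
    print("overall:", overall)
```

Because the same `EXAMPLE_POLICIES` table is consulted for both PR and branch scans, only the `branch` argument changes between the two runs, which is what keeps the decisions consistent across them; the `otherwise` action is what prevents a conditional block rule from silently dropping a finding that misses the threshold.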