Overview
The Rule Catalog is the authoritative list of checks that Sttor DevSecOps Bot uses to detect issues across the following Code scanning categories:
- SAST (application security)
- SCA (dependency vulnerabilities)
- Secrets detection
- IaC security
- License compliance
Every finding you see in the UI (Issue Tracker, PR checks, branch scans, reports) maps back to a Rule ID in this catalog. The catalog exists to make your security program consistent, searchable, auditable, and governable—especially when you’re driving compliance reporting (SOC 2, PCI DSS, RBI, NIST).
Rule Catalog table UI with filters (severity, category, language, tags)