SOT Navigator

Deterministic codebase risk artifacts

Trust and method

Trust comes from artifacts, not personality.

SOT Navigator is built for decision-grade output under time pressure. The credibility model is simple: deterministic generation, evidence-linked claims, and explicit limits.

Core guarantees

  • Determinism: same input, byte-identical output.
  • Traceability: claims map to path + hash + line.
  • Explicit unknowns: blind spots are first-class outputs.
  • Drift governance: score and gap regressions are CI-guarded.

Boundary conditions

  • Technical evidence mapping only. Not legal advice or certification.
  • Not a SAST replacement. Positioning is risk evidence and decision support.
  • Public website shows proof-of-method; full target artifacts are NDA-delivered.
  • No hidden interpretation layer in generated findings.
  • Fixed-scope delivery. Scope expansion goes through change control.

Principal-led delivery

How trust is maintained with principal-led delivery.

Productized delivery

Outcomes are fixed-scope artifact packs, not open-ended consulting hours.

Evidence-first readout

Optional calls are for decision alignment, not to justify undocumented findings.

Re-run friendly

Teams can re-run and verify outputs against the published method and artifact contracts.

Scope qualification

Best buyers and trigger conditions.

| Primary buyer | Active trigger | Decision window | Fit signal |
|---|---|---|---|
| M&A diligence teams | Acquisition, investment, or technical diligence cycle | 2 to 30 days | Need independent, board-facing risk evidence |
| Security/GRC lead | SOC2/PCI/ISO/NIST/GDPR evidence pressure | 2 to 45 days | Needs deterministic traceability for audit preparation |
| CTO or VP Engineering | Board request, incident aftermath, or governance reset | 7 to 45 days | Needs decision-ready risk baseline across critical repos |

Disqualifiers

  • No clear owner, no decision timeline, or no active business trigger.
  • Request is mainly ad-hoc engineering consulting or custom detector R&D.
  • Need is broad code-quality tooling instead of decision-grade risk evidence.

Public proof chain

What buyers can verify today
