Otto

Otto Stack

Otto Stack is the entry point to Otto. It assesses your current tech stack against a curated, versioned registry of approved technologies, then provides specific recommendations to modernize and standardize your projects.

What Otto Stack Does

  • Stack Assessment — Scans your project's dependencies, frameworks, and configurations. Identifies outdated versions, deprecated libraries, and non-standard patterns.
  • Scaffolding — Generates new projects using approved stacks with best-practice configurations already in place.
  • Readiness Tiers — Three tiers (Essential, Standard, Complete) measure how production-ready your stack is, with clear requirements and an improvement plan at each level.
  • Continuous Modernization — Monitors your stack over time and alerts you when dependencies need updating or new best practices emerge.

The Stack Registry

At the core of Otto Stack is a curated registry of approved technologies. This is not just a list of frameworks — it includes specific version ranges, configuration standards, and validation criteria. The registry is continuously updated, and old vulnerable stacks are removed.

Categories in the registry include frontend frameworks, backend frameworks, databases, ORMs, authentication libraries, CSS approaches, testing frameworks, CI/CD tools, and more.

How an Assessment Works

  1. Otto reads your project's configuration files (package.json, Dockerfile, CI configs, etc.)
  2. Each dependency and configuration is checked against the registry
  3. A scorecard is generated showing what is compliant, what needs updating, and what should be replaced
  4. Specific remediation steps are provided for each finding

Readiness Tiers

Otto Stack measures your project against three readiness tiers. Each tier builds on the previous one:

  • Essential — Approved stack, unit tests, CI/CD, security scanning (CVE + secrets + SAST), structured logging, linting, and git safety. Required to activate Otto Dev.
  • Standard — Essential plus E2E tests, monitoring, pre-commit hooks, documentation, and container scanning. Recommended for production applications.
  • Complete — Standard plus performance tests, accessibility testing, dev containers, zero-downtime migrations, and full observability. For enterprise and regulated environments.

Security is enforced at every tier — it is never optional. Your readiness score shows your current tier and exactly what is needed to reach the next level.

How Otto Teaches

Every assessment finding includes what to fix, why it matters, and which industry standard it comes from (OWASP, DORA, 12-Factor, NIST). Your team learns current best practices through daily use — not training sessions.

Free Scorecard

Every project gets a free stack scorecard — no subscription required. The scorecard shows your overall stack health and highlights the top issues. Full remediation details and ongoing monitoring require an Otto Stack subscription.

Otto Stack is available standalone or as part of Otto Complete. It is also a prerequisite for Otto Dev and Otto Ops — those products build on Stack's understanding of your tech stack.