Two complementary forces working in harmony. Choose the right tool for your security needs, or combine them for maximum protection.
Finds what others miss. Exhaustive security analysis across your entire codebase, infrastructure, and supply chain. Designed for teams that need complete visibility and surgical precision.
Explore Auditor Core
Stops threats before they emerge. Enforces security policies at the commit level, creating an impenetrable development perimeter. Designed for teams that require absolute predictability and zero telemetry.
Explore Sentinel
Detailed comparison to help you choose the right tool for your security needs.
| Feature / Capability | Auditor Core | Sentinel |
|---|---|---|
| **Core Purpose & Philosophy** | | |
| Primary Objective | Find vulnerabilities and security risks<br>Exhaustive analysis for complete visibility | Enforce security policies<br>Deterministic gate for policy compliance |
| Result Type | Risk list with severity scores<br>Detailed findings for remediation | ALLOW / BLOCK decision<br>Binary outcome for pipeline control |
| **Analysis Depth & Coverage** | | |
| Secret Detection | Advanced pattern mapping, including git history<br>AWS keys, tokens, private keys, credentials | Core patterns for blocking<br>Focus on critical production secrets |
| SAST Analysis | Deep code analysis<br>SQLi, XSS, command injection, crypto issues | Not applicable<br>Focus on configuration and policy |
| Infrastructure Security | Terraform, Docker, K8s analysis<br>Misconfigurations, security risks, best practices | Policy enforcement for IaC<br>Blocks insecure configurations at commit |
| **Integration & Workflow** | | |
| CI/CD Integration | Scheduled scans, PR comments<br>Provides findings for developer review | Physical gate with exit codes<br>Blocks pipeline on violation (exit 1) |
| Local Development | CLI tool for local scanning<br>Pre-commit hooks available | Git hooks for blocking commits<br>Prevents insecure code from being committed |
| Network Requirements | Optional for remote repos<br>Can clone and analyze remote repositories | 100% offline operation<br>Air-gap ready, zero telemetry |
| **Reporting & Output** | | |
| Delivery Method | GitHub repository<br>Clone and install via pip/git | Secure email archive<br>Encrypted archive with full installation guide |
| Report Formats | HTML, PDF, JSON<br>Executive summaries and technical details | HTML audit trail<br>Violation reports with justification tracking |
| CWE Mapping | Full CWE mapping<br>Each finding linked to MITRE CWE | Rule-based CWE references<br>Policy violations reference relevant CWEs |

Choose based on your specific security requirements and workflow.
Maximum protection through defense in depth.
1. Auditor Core performs exhaustive analysis of existing codebase
2. Team addresses critical findings with detailed reports
3. Sentinel enforces policies on all new commits
4. Regular audits + real-time protection = secure territory
For maximum protection, use Auditor Core for periodic deep audits and Sentinel for continuous policy enforcement. This creates a complete security feedback loop.
Start with Enterprise Audit
Most teams start with Auditor Core to understand their risk landscape, then add Sentinel to prevent those risks from reoccurring.