Every capability mapped side by side. New in v2.2.1: Chain Analysis, local LLM mode, PDF Evidence Appendix, Gate Override.
| Capability | Auditor Core v2.2.1 | Sentinel Core v2.2.1 |
|---|---|---|
| Core Purpose | | |
| Primary role | Deep audit: find all vulnerabilities and attack chains | Real-time gate: block policy violations and chains |
| Execution model | On-demand CLI scan | Pre-commit hook + CI/CD pipeline |
| Output type | Risk list with SPI score + AI verdicts + chain map | ALLOW / BLOCK (exit 0 / exit 1) + chain alert |
| Version | v2.2.1 | v2.2.1 |
| Chain Analysis (Attack Paths) | | |
| Correlate findings into multi-step exploits | Yes: dedicated attack path section in all reports | Yes: chains trigger BLOCK; alert includes full path |
| Severity escalation (LOW → CRITICAL) | Applied before SPI calculation | Chain escalation triggers BLOCK regardless of original severity |
| Chain suppression / override | Whole-chain suppression in baseline.json | Whole-chain justification in sentinel.yaml |
| Detection Engines | | |
| Total detectors | 11 detectors | 11 detectors (via embedded Auditor Core) |
| Bandit (Python SAST) | Full deep scan | Changed files only |
| Semgrep (multi-lang SAST) | Full deep scan | Changed files only |
| Gitleaks (secrets in git history) | Full history scan | Current commit |
| Secret Detector | 30+ patterns, all file types | Critical patterns for BLOCK |
| CICD Analyzer | GitHub Actions, Jenkinsfiles, scripts | SHA pinning enforcement |
| IaC Scanner | Terraform, Docker, K8s, Helm | Policy enforcement on IaC commits |
| Dependency Scanner | CVE lookup, license check | Blocks unpinned / vulnerable deps |
| License Scanner | GPL / copyleft detection | Policy-defined allowed licenses |
| Bridge Detector | Cross-repo bridge exposure | Blocks bridge misconfigurations |
| SAST Scanner | SQLi, XSS, command injection, crypto | Critical severity only |
| Slither (Solidity) | Smart contract analysis (optional) | Not included |
| AI Advisory Layer | | |
| Primary AI engine | Gemini 2.5 Flash | Gemini 2.5 Flash |
| Fallback AI engine | Groq (Llama 3.3 70B) | Groq (Llama 3.3 70B) |
| Auto quota fallback | Automatic, no intervention needed | Automatic, no intervention needed |
| Local LLM mode (air-gap) | New in v2.2.1: llama.cpp, fully offline | New in v2.2.1: same local engine |
| Chain-aware AI context | AI receives full attack path for chained findings | AI verdict considers chain escalation |
| AI false-positive filter | AI VERIFIED / AI FALSE POSITIVE badges | Eliminates FP before BLOCK decision |
| Offline fallback (no AI) | Full scan without AI enrichment | Core enforcement continues offline |
| Scoring & Reporting | | |
| Scoring formula | WSPM v2.2: SPI (0–100) | No score: binary ALLOW / BLOCK |
| SPI posture labels | Critical / High-Risk / Vulnerable / Resilient / Hardened | Not applicable |
| Gate Override (CRITICAL cap) | Grade capped at C when CRITICAL in production | BLOCK enforced regardless of SPI |
| PDF Executive Summary | 7-page, Evidence Appendix with source context, SOC 2 / cyber insurance ready | PDF Evidence Appendix per blocked commit |
| Attack Path section in PDF | Yes: visual chain diagram with severity escalation | Yes: in blocked commit report |
| HTML report | Full interactive report with collapsible chain cards, AI badges | Violation report per blocked commit |
| JSON output | Machine-readable findings + chain block + attack_paths root + framework_summary | Structured block event with chain details |
| SOC 2 / CIS / ISO 27001 mapping | Every finding tagged to controls, framework_summary aggregated | Controls in GitHub Issue alerts, JSON |
| CWE mapping | Each finding linked to MITRE CWE | Policy violations reference CWEs |
| GitHub Issues alert | Not applicable | Auto-created on every BLOCK, includes chain path |
| Integration & Deployment | | |
| Pre-commit hook | Optional | Installed automatically by start.sh |
| CI/CD pipeline gate | Scheduled scan / PR comment | Hard gate: blocks push on violation (including chains) |
| Installation | pip install or bash start.sh | bash start.sh in target repo |
| Delivery method | Public GitHub repository | Secure email archive |
| Supported OS | Linux, macOS, Windows | Linux, macOS, Windows |
| Python requirement | Python 3.10+ | Python 3.10+ |
| Security & Privacy | | |
| Telemetry | None (0 data collected) | None (0 data collected) |
| Network required at runtime | Optional (AI enrichment uses an API, but local LLM mode removes this) | No: 100% offline capable (with local LLM) |
| Air-gap compatible | Yes: local LLM mode now available | Full air-gap support |
| License binding | Hardware Machine ID | Hardware Machine ID (stricter) |
| Core logic obfuscation | Cython-compiled .so binaries | Cython-compiled .so binaries |
| Self-update / remote rules | Never | Never |
Choose based on your security objective and workflow stage.
Maximum protection through defence in depth. Audit the past, enforce the future. Chain Analysis works across both.

1. Auditor Core scans the entire repo. SPI score established. Chain analysis reveals attack paths. Full findings report generated.
2. Team addresses critical findings and breaks identified chains, using the detailed AI-verified report as a roadmap.
3. Sentinel installed in every active repo. Pre-commit hook + CI/CD pipeline enforced. Chain escalation triggers BLOCK automatically.
4. Auditor Core re-run quarterly. SPI trend tracked. New chains identified. Sentinel policy updated if needed.

Past risks documented. New risks blocked automatically. Full posture sovereignty with attack path visibility.
Start with Auditor Core to establish your security baseline, SPI score, and map of all attack chains. Deploy Sentinel immediately after to prevent regression, including chain reintroduction. Run Auditor Core quarterly and use the delta as your compliance evidence.
Start with an Enterprise Audit