Unlike scanners that provide risk opinions, Sentinel delivers authoritative decisions. Every execution results in exactly one of two states: the pipeline proceeds, or it terminates.
- Zero violations detected. Code meets all security policies. Pipeline proceeds without interruption.
- Unapproved critical violations detected. Pipeline terminates immediately. Code cannot proceed.
- Overridden violations with formal justification. Pipeline proceeds with an explicit audit trail.
Sentinel uses an auditable exception model. Violations cannot be silently ignored; they must be formally justified in sentinel.yaml.
Sentinel enforces a single authoritative decision point per execution.
Prohibits mutable :latest tags. Enforces pinned versions for build reproducibility.
Blocks AWS keys, private keys, bot tokens, and other credentials in code.
Enforces SHA pinning for GitHub Actions to prevent supply chain attacks.
Enforces runAsNonRoot and resource limits in K8s manifests.
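To make the decision model and the rule set above concrete, here is a small policy engine written for this page. It is not Sentinel's code: the rule names, the shape of the exception entries (modelled on what a sentinel.yaml-style file might hold, since the page does not give the real schema), the sample repository files, the Amazon-documented example AWS key and the 40-hex placeholder pin are all this example's own assumptions. It implements the four listed checks (mutable :latest tags, committed credentials, SHA-pinned GitHub Actions, runAsNonRoot plus resource limits in Kubernetes manifests), then collapses the findings into a single decision where an exception only waives a violation when it names the rule and location and carries a non-empty justification.

```python
# Example written for this page, not Sentinel's code: the rule names, the exception
# schema and the sample files below are all this example's own assumptions.
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Violation:
    rule: str      # hypothetical policy identifier
    location: str  # "path" or "path:line"
    detail: str

def check_dockerfile(text: str, path: str = "Dockerfile") -> list:
    """Flag base images that resolve to a mutable tag: ':latest' or no tag at all."""
    found, stages = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*FROM\s+(\S+)(?:\s+AS\s+(\S+))?", line, re.IGNORECASE)
        if not m:
            continue
        image, stage = m.group(1), (m.group(2) or "")
        stages.add(stage.lower())  # remember build-stage names so 'FROM builder' is not flagged
        if image.lower() in stages or image.lower() == "scratch" or "@sha256:" in image:
            continue  # earlier stage, empty base, or digest-pinned: all immutable
        name = image.rsplit("/", 1)[-1]  # drop registry/namespace before looking for a tag
        tag = name.split(":", 1)[1] if ":" in name else "latest"  # untagged means :latest
        if tag == "latest":
            found.append(Violation("docker-mutable-tag", f"{path}:{n}", image))
    return found

SECRET_PATTERNS = {  # a few credential shapes, not an exhaustive list
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
}

def check_secrets(text: str, path: str) -> list:
    return [Violation(rule, f"{path}:{n}", "credential material committed to source")
            for n, line in enumerate(text.splitlines(), 1)
            for rule, pat in SECRET_PATTERNS.items() if pat.search(line)]

def check_workflow(text: str, path: str) -> list:
    """Every `uses:` reference must be pinned to a full 40-hex commit SHA, not a tag."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*-?\s*uses:\s*([^\s@#]+)@(\S+)", line)
        if not m or m.group(1).startswith("docker://"):
            continue  # no '@' (local action) or a container reference: out of scope here
        if not re.fullmatch(r"[0-9a-f]{40}", m.group(2)):
            found.append(Violation("gha-unpinned-action", f"{path}:{n}", m.group(0).strip()))
    return found

def check_k8s_manifest(text: str, path: str) -> list:
    """Document-level checks; a full tool would walk every container spec."""
    required = [("k8s-run-as-non-root", r"^\s*runAsNonRoot:\s*true\s*$", "runAsNonRoot is not true"),
                ("k8s-resource-limits", r"^\s*limits:\s*$", "no resources.limits block")]
    return [Violation(rule, path, msg) for rule, pat, msg in required
            if not re.search(pat, text, re.MULTILINE)]

def scan(files: dict) -> list:
    found = []  # dispatch by path; secrets are checked in every file
    for path, text in files.items():
        base = path.rsplit("/", 1)[-1]
        if base == "Dockerfile" or base.endswith(".Dockerfile"):
            found += check_dockerfile(text, path)
        elif path.startswith(".github/workflows/"):
            found += check_workflow(text, path)
        elif base.endswith((".yaml", ".yml")):
            found += check_k8s_manifest(text, path)
        found += check_secrets(text, path)
    return found

def evaluate(files: dict, exceptions: list) -> dict:
    """One decision point; an exception waives one (rule, location) pair and counts only with a non-empty justification."""
    approved = {(e["rule"], e["location"]): e["justification"]
                for e in exceptions if e.get("justification", "").strip()}
    overridden, unapproved = [], []
    for v in scan(files):
        why = approved.get((v.rule, v.location))
        if why:
            overridden.append((v, why))
        else:
            unapproved.append(v)
    decision = "FAIL" if unapproved else ("PASS_WITH_OVERRIDES" if overridden else "PASS")
    return {"decision": decision, "unapproved": unapproved, "overridden": overridden}

# Constructed sample repository: the AWS key is Amazon's documented example value and
# the 40-hex pin is a placeholder, not a real commit.
SAMPLE_FILES = {
    "Dockerfile": "FROM golang:1.22 AS builder\nRUN go build -o /app ./...\nFROM alpine:3.20\nCOPY --from=builder /app /app\n",
    ".github/workflows/ci.yml": (
        "name: ci\non: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n"
        "      - uses: actions/checkout@v4\n"  # line 7: a tag, which can be moved
        "      - uses: actions/setup-go@" + "deadbeef" * 5 + "\n"),
    "deploy/job.yaml": "apiVersion: batch/v1\nkind: Job\nspec:\n  template:\n    spec:\n      containers:\n"
                       "        - name: worker\n          image: example/worker:1.4.2\n          securityContext:\n            runAsNonRoot: true\n",
    "app/config.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n',
}
# Assumed shape of a sentinel.yaml-style exception entry; the page does not give the real schema.
SAMPLE_EXCEPTIONS = [{"rule": "k8s-resource-limits", "location": "deploy/job.yaml",
                      "justification": "limits set by namespace LimitRange; ticket TICKET-ID-PLACEHOLDER"}]
if __name__ == "__main__":
    print(evaluate(SAMPLE_FILES, SAMPLE_EXCEPTIONS)["decision"])
```

Run as-is, the sample repository fails: the unpinned `actions/checkout@v4` and the committed access key are unapproved, while the missing resource limits in the Job manifest are overridden by the justified exception and surface as an audit entry rather than a block. Pin the action and move the key out of source and the same run yields PASS_WITH_OVERRIDES; an exception whose justification is blank waives nothing, which is the property the auditable model depends on.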
Sentinel forbids all network access at runtime by design. Safe for air-gapped environments.
No usage data is ever collected. Sentinel operates without phoning home.
Operates without internet access. Safe for highly restricted internal environments.
Never self-updates or pulls remote rules at runtime. The security logic in effect is exactly the logic you deployed.
Stop threats before they emerge. Sentinel creates an impenetrable development perimeter that blocks insecure code at the commit level.
Sentinel is designed for private-mirror environments. Admins host the core in a corporate repository, ensuring full sovereignty over security logic.
Sentinel is delivered as a hardened archive via secure email. This ensures complete sovereignty over your security logic and eliminates external dependencies.
Typically delivered within 24 hours
Includes comprehensive deployment guide