🛡️ SentinelOSS
Security platform for modern development

Secure your code, your dependencies,
and your AI agents.

Modern software has three attack surfaces. SentinelOSS covers all of them — scanning what you write, monitoring what you import, and controlling what your AI tools do at runtime.

Three layers. One platform.

Most security tools own one layer. Attackers use all three. SentinelOSS is built to cover the full attack surface of modern development.

📄 Layer 1 — Your Code

Code scanning

Six security checks run automatically on every push — no CI changes, no agents to install.

  • Dependency CVEs (OSV + NVD)
  • Supply chain attack patterns
  • License compliance
  • Security headers
  • SSL/TLS grade
  • AI code review on every diff
SentinelOSS Scanner
📦 Layer 2 — Your Packages

Supply chain monitoring

Continuously watches the packages you depend on — even when you don't push anything.

  • Maintainer change alerts
  • SHA digest drift detection
  • Dormant package takeovers
  • New CVEs on existing deps
  • Typosquatting detection
  • Covers PyPI and npm
TrustAuthority
🤖 Layer 3 — Your AI Agents

Agent control layer

AI agents run real commands. TAP intercepts every tool call before it executes.

  • Firewall rules per tool call
  • Block dangerous operations
  • Human approval for high-risk actions
  • Full audit log of every action
  • Slack notifications with approve/deny
  • Works with any MCP-compatible agent
TAP Proxy

How Layer 1 works — every push

  • ⬆️ git push: your repo
  • 🔗 Webhook: HMAC verified
  • 🔍 6 scanners: in parallel
  • 📊 Report: full detail
  • 💬 Alert: Slack · Telegram

Results delivered in under 15 seconds per push


The threats your current tools miss

😴

Dormant package takeover

A popular package goes unmaintained for 2 years. A new owner registers it, pushes malicious code. Your lockfile still trusts it. TrustAuthority catches the ownership change overnight.

🔄

Retroactive tarball swap

Same version number, different bytes. A compromised registry replaces a published package without bumping the version. SHA drift detection catches it before your next install.

🤖

AI agent running unsupervised

Your coding agent decides to restart a production service to resolve a slow query. Without TAP, it succeeds. With TAP, it hits a firewall rule and waits for your approval.

Six security checks on every push

No configuration needed — all six run automatically from the moment you connect your repo.

🦠

Dependency CVEs

OSV + NVD

Every package in your lockfile checked against the OSV database and GitHub Advisory DB. Finds known vulnerabilities with severity ratings.

🔒

SSL / TLS Grade

Qualys SSL Labs analysis — protocol versions, cipher suites, HSTS, certificate validity. Graded A+ to F with specific improvement steps.

🔗

Supply Chain

AI

Scans your GitHub Actions workflows for 16 attack patterns, including curl-to-shell, unpinned actions, pull_request_target, sudo, and self-hosted runners.

🛡

Security Headers

Checks HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Scored A+ to F with per-header fix tips.

⚖️

License Compliance

Detects GPL, AGPL, LGPL, MPL, and other copyleft licenses in your npm dependencies. Flags packages that may affect your distribution rights.

🛡️

Guardian Code Analysis

Claude AI

Claude AI reviews every diff for backdoors, secrets, obfuscated code, mass deletions, and suspicious URLs. Gives a risk score per commit.

Up and running in 3 minutes

No agents to install. No CI changes needed. Just a GitHub webhook.

1. Create your account

   Sign in with GitHub — your organisation is created automatically.

2. Generate your webhook secret

   One click on the Automation page gives you a unique Webhook URL and secret.

3. Add to GitHub

   Paste the URL and secret into your repo's Webhook settings. That's it.
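What the receiving side does with the secret from step 2, as an added illustration of the "Webhook HMAC verified" step in the Layer 1 flow (not SentinelOSS's own code): GitHub signs each delivery with HMAC-SHA256 over the raw request body and sends it in the X-Hub-Signature-256 header. The secret and payload below are constructed sample values.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values; not a real SentinelOSS secret or delivery.
# The secret is the one generated in step 2 and pasted into GitHub in step 3.
WEBHOOK_SECRET = b"constructed-example-secret"
PAYLOAD = b'{"ref":"refs/heads/main","after":"a3f9c12"}'  # hypothetical push body


def sign_payload(secret: bytes, body: bytes) -> str:
    """Build the value GitHub puts in X-Hub-Signature-256:
    'sha256=' followed by HMAC-SHA256(secret, raw body) as lowercase hex."""
    mac = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return f"sha256={mac}"


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Return True only if the header matches the HMAC over the *raw* body.

    The body must be the exact bytes received; re-serialising parsed JSON
    changes whitespace and key order and breaks the MAC. The comparison uses
    hmac.compare_digest so a wrong signature is rejected in constant time
    and an attacker cannot learn the expected value byte by byte.
    """
    if not header or not header.startswith("sha256="):
        return False  # missing header or wrong algorithm prefix
    expected = sign_payload(secret, body)
    return hmac.compare_digest(expected.encode(), header.encode())


if __name__ == "__main__":
    good = sign_payload(WEBHOOK_SECRET, PAYLOAD)
    print(verify_signature(WEBHOOK_SECRET, PAYLOAD, good))          # True
    print(verify_signature(WEBHOOK_SECRET, PAYLOAD + b" ", good))   # False: body altered
    print(verify_signature(b"other-secret", PAYLOAD, good))         # False: wrong secret
```

A delivery that fails this check should be dropped before any scanner runs, since an unsigned or mis-signed push is not evidence that the repository actually changed.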

You receive in Slack

📦 SentinelOSS Security Report

Repo: your-org/api-service

Branch: main · Commit: a3f9c12

Pusher: rafraf · Packages: 248

🚨 CVEs — Critical: 0 | High: 2 | Medium: 5

🔒 SSL sentineloss.cloudrf.xyz: A+

🔗 Supply chain: CLEAN

View full report →

Delivered in ~12 seconds after push

Alerts where your team already works

Add as many channels as you need — all fire simultaneously on every push.

💬

Slack

Paste an Incoming Webhook URL

🔷

Microsoft Teams

Paste an Incoming Webhook URL

✈️

Telegram

Enter bot token + chat ID

Also available: on-demand scanners

Run one-off scans — no account required. CVEs, licenses, headers, SSL, supply chain and more.

Open scanner →