SENTRIK — governance runtime for AI-generated code. Scan, gate, and trace compliance automatically.
Project description
sentrik
Governance runtime for AI-generated code. Scan, gate, and trace compliance automatically.
npm install -g sentrik
30-Second Quickstart
# Open any project and scan — no setup needed
sentrik scan
# Enforce quality gate (exit 1 on failure)
sentrik gate
That's it. sentrik auto-detects your project, applies sensible defaults, and shows findings inline. No wizard, no config files needed.
Want to customize? Run sentrik init to generate a .sentrik/config.yaml with detected settings.
Why sentrik?
Teams using Copilot, Cursor, Claude Code, and AI coding agents generate code fast — but compliance doesn't keep up. sentrik enforces standards automatically:
- IEC 62304 for medical device software (FDA/EU MDR)
- OWASP Top 10 for web application security
- SOC2 Trust Services Criteria
- Custom rule packs for your own standards
Key Features
| Feature | Description |
|---|---|
| Zero Config | Auto-detects project, applies sensible defaults — just scan |
| Rules Engine | Regex, AST, and file-policy rules with auto-fix |
| Standards Packs | 14 pre-built packs: IEC 62304, OWASP, SOC2, HIPAA, PCI DSS, ISO 27001, PHP, Kotlin, and more |
| CI/CD Gate | Block non-compliant PRs in GitHub Actions, Azure Pipelines, or GitLab CI |
| PR Decoration | Compliance summary + findings as PR comments on GitHub and Azure DevOps |
| Work Item Traceability | Link findings to Azure DevOps, GitHub Issues, or Jira |
| Reconciliation | Auto-create/update/close work items from scan results |
| Management Dashboard | Web UI for findings, rules, packs, audit log |
| REST API | 75+ endpoints for remote scanning and integration |
| Reports | HTML, JUnit XML, SARIF, CSV, compliance reports, trust center |
| Continuous Monitoring | sentrik watch — file-change detection and periodic scanning |
| Confidence Scoring | Variable confidence based on code context; opt-in LLM re-scoring (provider-agnostic: Anthropic, OpenAI, Ollama) |
| VS Code / Cursor | Auto-scan on save, inline findings, zero setup |
Installation
npm install -g sentrik
Downloads a platform-specific binary. No Python, no Docker, no extra dependencies. Works on macOS, Linux, and Windows.
CI/CD Integration
GitHub Actions
- name: sentrik Gate
run: |
npm install -g sentrik
sentrik gate --git-range "origin/main...HEAD" --decorate-pr --status-check
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Azure Pipelines
- script: |
npm install -g sentrik
sentrik gate --git-range "origin/main...HEAD" --decorate-pr --status-check
env:
AZURE_DEVOPS_PAT: $(AZURE_DEVOPS_PAT)
GitLab CI
sentrik-gate:
stage: compliance
image: python:3.12-slim
before_script:
- pip install sentrik
script:
- sentrik gate --git-range "origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME...HEAD"
artifacts:
reports:
junit: out/findings.junit.xml
Management Dashboard
Start the API server and open the dashboard:
sentrik dashboard
The dashboard provides:
- Scan metrics and severity charts
- Searchable/filterable rule browser
- Standards pack management
- Work items with DevOps sync
- Governance policy configuration
- Audit log timeline
Enterprise Features
Unlock advanced capabilities with a license key from sentrik.dev:
sentrik license # Check your current license status
| Feature | Community (Free) | Team ($29/mo) | Organization ($99/mo) | Enterprise ($299/mo) |
|---|---|---|---|---|
| Scan, gate, reconcile | Yes | Yes | Yes | Yes |
| Dashboard + API | Yes | Yes | Yes | Yes |
| Standards packs | Yes | Yes | Yes | Yes |
| Priority support | - | Yes | Yes | Yes |
| Parallel scanning | - | - | Yes | Yes |
| Severity rescoring | - | - | Yes | Yes |
| OAuth integration | - | - | Yes | Yes |
| Governance profiles | - | - | - | Yes |
| Audit logging | - | - | - | Yes |
| Async approval gates | - | - | - | Yes |
| Custom standards packs | - | - | - | Yes |
Configuration
sentrik auto-detects your project and works without config. To customize, create .sentrik/config.yaml:
output_dir: out
standards_packs:
- owasp-top-10
gate_fail_on:
- critical
- high
reporters:
- html
- sarif
devops_provider: github # stub, azure, github, jira
Legacy .guard.yaml files are still supported. Migrate with sentrik migrate.
Environment variables override config values — see documentation for the full list.
Standards Packs
sentrik list-packs # See available packs
sentrik add-pack fda-iec-62304 # Enable a pack
sentrik add-pack owasp-top-10 # Enable another
| Pack | Rules | Standard |
|---|---|---|
fda-iec-62304 |
31 | IEC 62304 / 21 CFR Part 11 |
owasp-top-10 |
69 | OWASP Top 10 2021 |
soc2 |
30 | SOC2 Trust Services Criteria |
hipaa |
25 | HIPAA Security Rule |
pci-dss |
33 | PCI DSS v4.0 |
iso-27001 |
32 | ISO 27001:2022 |
php-security |
15 | PHP/Laravel Security |
kotlin-security |
13 | Kotlin/Android/Spring Boot |
Links
License
Proprietary. See LICENSE for details. Free tier available with no limits on core features.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sentrik-1.5.20.tar.gz.
File metadata
- Download URL: sentrik-1.5.20.tar.gz
- Upload date:
- Size: 2.7 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e5db58f003fbc935ab2a13c665d083384859b9b84e01ca946f42f43ebe0ed09d
|
|
| MD5 |
1c714bd54a78108dbee1aca040d15338
|
|
| BLAKE2b-256 |
2ef05bd85c77b33c957f409edd02c42907d4e3bc3e2c8b1941876b88c8ccaf49
|
File details
Details for the file sentrik-1.5.20-py3-none-any.whl.
File metadata
- Download URL: sentrik-1.5.20-py3-none-any.whl
- Upload date:
- Size: 691.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4de23ea8712eab87da95d1f77b5ff4db9e98a186b88d17733814122dcd6097c4
|
|
| MD5 |
682ad83f127e8fced185a481102a0dd8
|
|
| BLAKE2b-256 |
b8e14a1e4d6bb60e1945e2361282bf04b8e84ce79141fed2653d9f7500345cfd
|
