Stop shipping vulnerabilities to production. Sentinel catches critical flaws in Python, JS/TS, HTML, and CSS before you merge, with intelligent offline protocols and AI-driven auto-fixes.
pip install sentinel-scanner
Vulnerabilities often slip past code reviews, shipping straight to production. Traditional scanners output massive JSON logs that nobody reads, causing alert fatigue.
Sentinel runs directly in your CI or local terminal. It uses standard security protocols offline or Mistral AI online to explain raw risks and apply one-click auto-fixes.
Select a vulnerability type to view how Sentinel detects it and applies safe security remediations offline.
Concatenating untrusted user inputs directly into SQL query strings.
Protocol: Parameterized Queries. Replace string concatenation or formatting inside SQL executions with placeholders and pass query parameters as a tuple. Example: Change cursor.execute(f'SELECT * FROM users WHERE username = "{user}"') to cursor.execute('SELECT * FROM users WHERE username = ?', (user,)).
# Unsafe SQL Construction
def get_user(user_id):
query = f"SELECT * FROM users WHERE id = {user_id}"
return db.execute(query)
# Click 'Apply Auto-Fix' to see secure code
Detects SQLi, XSS, command injection, hardcoded secrets, insecure crypto, and frontend/HTML vulnerabilities using customizable rules.
Audits your supply chain against OSV.dev and NVD. Fully supports Python, Node.js (npm), and Go modules.
Tests running web apps on the fly for injection points and misconfigured headers.
Mistral AI analyzes findings, explains attack vectors, and safely applies patches to your codebase.
Integrate easily with our official GitHub Actions docs deployment workflow.