Sentrik

Governance runtime for AI-generated code

Scan, gate, and trace compliance automatically — before it ships.

Website • Docs • Community • Pricing

---

What is Sentrik?

Sentrik is a CLI + dashboard that enforces coding standards, compliance rules, and security policies on every commit. Built for teams using AI coding agents (Claude Code, Cursor, Copilot) where code is generated faster than humans can review it.

The problem: AI agents write code that works but may violate security policies, compliance requirements, or architectural standards. Nobody catches it until audit time.

The solution: Sentrik scans every change against regulatory standards (OWASP, SOC 2, HIPAA, PCI-DSS, FDA IEC 62304, and more), gates PRs that fail, and generates audit-ready evidence.

Install

# npm (recommended)
npm install -g sentrik

# pip
pip install sentrik

# Docker
docker run maxgerhardson/sentrik scan

Quick Start

# 1. Initialize your project (auto-detects language, frameworks, CI)
sentrik init

# 2. Scan your code
sentrik scan

# 3. Enforce the gate in CI (exit 1 on failure)
sentrik gate

# 4. Launch the dashboard
sentrik dashboard

Free Tier (forever, no credit card)

Sentrik includes 5 standards packs with 158 rules for free:

Pack	Rules	What it catches
OWASP Top 10	69	SQL injection, XSS, auth flaws, SSRF, and more
SOC 2	30	Trust services criteria for security & availability
Python Security	18	eval/exec, pickle, subprocess, Django/Flask vulns
Go Security	15	Injection, crypto misuse, unsafe, concurrency bugs
Supply Chain Security	26	SLSA, SBOM, dependency integrity, AI tool supply chain

Plus built-in commands at every tier:

• sentrik scan / sentrik gate - Scan and enforce
• sentrik vulns - Dependency vulnerability scanning (CVEs)
• sentrik sbom - Software bill of materials
• sentrik secrets - Hardcoded secrets detection
• sentrik dashboard - Web UI with findings, charts, and reports
• sentrik threat-model - STRIDE threat analysis
• sentrik quality-score - Code quality scoring (0-100)

Paid Tiers

	Free	Team ($29/mo)	Organization ($99/mo)
Standards packs	5	16	22
OWASP, SOC 2, Supply Chain	Yes	Yes	Yes
HIPAA, PCI-DSS, ISO 27001, GDPR	-	Yes	Yes
FDA IEC 62304, NIST, CMMC	-	Yes	Yes
MISRA-C, DO-178C, ISO 26262	-	-	Yes
Vulnerability scanning	Yes	Yes	Yes
Dashboard	Yes	Yes	Yes
Work item reconciliation	-	Yes	Yes
Custom rules	-	-	Enterprise
Parallel scanning	-	-	Yes
Governance & audit log	-	-	Enterprise

View pricing

CI/CD Integration

GitHub Actions (Marketplace)

# .github/workflows/sentrik.yml
name: Sentrik Gate
on: [pull_request]
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: maxgerhardson/sentrik-community@v1

That's it — one line. The action auto-detects PR context, runs the gate, uploads SARIF to GitHub Code Scanning, and attaches the findings report as an artifact.

With options:

      - uses: maxgerhardson/sentrik-community@v1
        with:
          packs: "owasp-top-10,soc2,supply-chain-security"
          fail-on: "critical,high"
          license-key: ${{ secrets.SENTRIK_LICENSE_KEY }}

Using outputs:

      - uses: maxgerhardson/sentrik-community@v1
        id: sentrik
      - run: echo "Found ${{ steps.sen

... [View full README on GitHub](https://github.com/maxgerhardson/sentrik-community#readme)