Governance runtime for AI-generated code. Enforce compliance and security standards.
```json
{
  "mcpServers": {
    "io-github-maxgerhardson-sentrik": {
      "command": "<see-readme>",
      "args": []
    }
  }
}
```

No install config available. Check the server's README for setup instructions.
Is it safe?
- No package registry to scan.
- No authentication — any process on your machine can connect.
- License not specified.

Is it maintained?
- Commit history unknown.

Will it work with my client?
- Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.
- No automated test available for this server. Check the GitHub README for setup instructions.
- No known vulnerabilities.
Governance runtime for AI-generated code
Scan, gate, and trace compliance automatically — before it ships.
Sentrik is a CLI + dashboard that enforces coding standards, compliance rules, and security policies on every commit. Built for teams using AI coding agents (Claude Code, Cursor, Copilot) where code is generated faster than humans can review it.
The problem: AI agents write code that works but may violate security policies, compliance requirements, or architectural standards. Nobody catches it until audit time.
The solution: Sentrik scans every change against regulatory standards (OWASP, SOC 2, HIPAA, PCI-DSS, FDA IEC 62304, and more), gates PRs that fail, and generates audit-ready evidence.
```bash
# npm (recommended)
npm install -g sentrik

# pip
pip install sentrik

# Docker
docker run maxgerhardson/sentrik scan
```
```bash
# 1. Initialize your project (auto-detects language, frameworks, CI)
sentrik init

# 2. Scan your code
sentrik scan

# 3. Enforce the gate in CI (exit 1 on failure)
sentrik gate

# 4. Launch the dashboard
sentrik dashboard
```
Sentrik includes 5 standards packs with 158 rules for free:
| Pack | Rules | What it catches |
|---|---|---|
| OWASP Top 10 | 69 | SQL injection, XSS, auth flaws, SSRF, and more |
| SOC 2 | 30 | Trust services criteria for security & availability |
| Python Security | 18 | eval/exec, pickle, subprocess, Django/Flask vulns |
| Go Security | 15 | Injection, crypto misuse, unsafe, concurrency bugs |
| Supply Chain Security | 26 | SLSA, SBOM, dependency integrity, AI tool supply chain |
Plus built-in commands at every tier:
- `sentrik scan` / `sentrik gate` - Scan and enforce
- `sentrik vulns` - Dependency vulnerability scanning (CVEs)
- `sentrik sbom` - Software bill of materials
- `sentrik secrets` - Hardcoded secrets detection
- `sentrik dashboard` - Web UI with findings, charts, and reports
- `sentrik threat-model` - STRIDE threat analysis
- `sentrik quality-score` - Code quality scoring (0-100)

| Feature | Free | Team ($29/mo) | Organization ($99/mo) |
|---|---|---|---|
| Standards packs | 5 | 16 | 22 |
| OWASP, SOC 2, Supply Chain | Yes | Yes | Yes |
| HIPAA, PCI-DSS, ISO 27001, GDPR | - | Yes | Yes |
| FDA IEC 62304, NIST, CMMC | - | Yes | Yes |
| MISRA-C, DO-178C, ISO 26262 | - | - | Yes |
| Vulnerability scanning | Yes | Yes | Yes |
| Dashboard | Yes | Yes | Yes |
| Work item reconciliation | - | Yes | Yes |
| Custom rules | - | - | Enterprise |
| Parallel scanning | - | - | Yes |
| Governance & audit log | - | - | Enterprise |
```yaml
# .github/workflows/sentrik.yml
name: Sentrik Gate
on: [pull_request]
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: maxgerhardson/sentrik-community@v1
```
That's it — one line. The action auto-detects PR context, runs the gate, uploads SARIF to GitHub Code Scanning, and attaches the findings report as an artifact.
With options:
```yaml
      - uses: maxgerhardson/sentrik-community@v1
        with:
          packs: "owasp-top-10,soc2,supply-chain-security"
          fail-on: "critical,high"
          license-key: ${{ secrets.SENTRIK_LICENSE_KEY }}
```
Using outputs:
```yaml
      - uses: maxgerhardson/sentrik-community@v1
        id: sentrik
      - run: echo "Found ${{ steps.sen
```
... [View full README on GitHub](https://github.com/maxgerhardson/sentrik-community#readme)