Composure
Security

Catch vulnerabilities in your flow

Sentinel scans every file you touch for security issues — same session, zero context switches. From detection to fix in 12 minutes.

Resolution time: 12 min (detection to committed fix)

Context switches: 0 (everything in one session)

OWASP Top 10 coverage (Semgrep-powered rules)

CVEs patched in one flow: 4 (parallel audit + fix)

Security is always someone else's problem — until it isn't

Context switching kills flow

GitHub flags vulnerabilities. You stop coding, open a terminal, research CVEs, find fix paths, update packages. 25 minutes and 4 tool switches later, you have forgotten what you were building.

Deferred fixes become incidents

"I'll handle it later" turns into a backlog item that never gets prioritized — until a security audit or, worse, a breach.

AI-generated code inherits bad habits

Training data includes hardcoded secrets, SQL injection patterns, and missing input validation. Without inline scanning, these ship to production.

Security that stays in your development flow

Sentinel combines Semgrep static analysis (OWASP Top 10 + framework-specific rules) with dependency CVE auditing. It runs on every file you touch via PostToolUse hooks — flagging issues at write-time, not after you push. When CVEs are found, Shipyard's deps-check provides exact safe upgrade paths. Fix and commit without ever leaving your session.

terminal

/sentinel:scan
→ Scanning src/lib/auth.ts...
  [HIGH] Hardcoded API key detected (line 12)
  [MEDIUM] Missing input validation on email (line 34)
/shipyard:deps-check
→ CVE-2026-1234: path-to-regexp@8.3.0
  Fix: pnpm update path-to-regexp@8.3.1
→ CVE-2026-1235: path-to-regexp@8.3.0
  Fix: same upgrade resolves both
Applied fixes. 0 vulnerabilities remaining.
Committed in 12 minutes.

How it works

1. Scan on every file touch

PostToolUse hooks trigger Semgrep analysis on every file write. Issues are flagged instantly — no separate scan step needed.

2. Flag at write-time

Security findings are added to the task queue with a severity (Critical/High/Moderate). The commit skill blocks when a staged file has Critical or High items.

3. Fix in the same session

Sentinel identifies the issue, Shipyard provides the safe upgrade path. One flow — detect, understand, fix, verify.

4. Commit clean

After the fixes, a re-scan confirms 0 vulnerabilities. The commit goes through without the gate blocking.
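A sketch of the commit gate from steps 2 and 4, as an added example that is not Composure's own code: it blocks only on Critical/High findings in staged files. The queue entry shape, the rule ids, the wider severity list and the choice to fail closed on an unrecognised severity are all assumptions.

```python
import subprocess
import sys
from pathlib import PurePosixPath

BLOCKING = {"critical", "high"}  # the levels the page says the gate blocks on
KNOWN = BLOCKING | {"moderate", "medium", "low", "info"}  # assumed label set

# Constructed sample queue; field names and rule ids are assumptions.
SAMPLE_QUEUE = [
    {"path": "src/lib/auth.ts", "line": 12, "severity": "High", "rule": "hardcoded-api-key"},
    {"path": "./src/lib/auth.ts", "line": 34, "severity": "Medium", "rule": "missing-input-validation"},
    {"path": "src/legacy/db.ts", "line": 8, "severity": "Critical", "rule": "sql-injection"},
    {"path": "src/lib/mail.ts", "line": 3, "severity": "Sev1", "rule": "custom-rule"},
]

def norm(path):
    """Normalise a repo-relative path so './a/b' and 'a\\b' compare equal to 'a/b'."""
    return str(PurePosixPath(path.replace("\\", "/")))

def blocking_findings(findings, staged_paths):
    """Return the findings that should stop a commit of the staged files."""
    staged = {norm(p) for p in staged_paths}
    blocked = []
    for f in findings:
        if norm(f["path"]) not in staged:
            continue  # finding is in a file that is not part of this commit
        sev = str(f.get("severity", "")).strip().lower()
        # Assumption: an unrecognised severity blocks too (fail closed).
        if sev in BLOCKING or sev not in KNOWN:
            blocked.append(f)
    return blocked

def staged_files():
    """Staged paths from git; -z keeps names with spaces or newlines intact."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "-z", "--diff-filter=ACMR"],
        capture_output=True, check=True,
    ).stdout
    return [p.decode("utf-8", "surrogateescape") for p in out.split(b"\0") if p]

if __name__ == "__main__":
    # Constructed staged list; inside a repository, pass staged_files() instead.
    hits = blocking_findings(SAMPLE_QUEUE, ["src/lib/auth.ts", "src/lib/mail.ts"])
    for f in hits:
        print(f'BLOCK {f["path"]}:{f["line"]} [{f["severity"]}] {f["rule"]}')
    sys.exit(1 if hits else 0)
```

The Critical finding in `src/legacy/db.ts` does not block here because that file is not staged, so scoping the gate to staged files leaves existing findings in the queue rather than resolving them.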

Ready to try it?

Free for personal use. Takes 2 minutes to install.