SENTRIK community — discussions, feature requests, and bug reports for the sentrik AI governance platform

Sentrik

Governance runtime for AI-generated code

Scan, gate, and trace compliance automatically — before it ships.


What is Sentrik?

Sentrik is a CLI + dashboard that enforces coding standards, compliance rules, and security policies on every commit. Built for teams using AI coding agents (Claude Code, Cursor, Copilot) where code is generated faster than humans can review it.

The problem: AI agents write code that works but may violate security policies, compliance requirements, or architectural standards. Nobody catches it until audit time.

The solution: Sentrik scans every change against regulatory standards (OWASP, SOC 2, HIPAA, PCI-DSS, FDA IEC 62304, and more), gates PRs that fail, and generates audit-ready evidence.

Install

# npm (recommended)
npm install -g sentrik

# pip
pip install sentrik

# Docker
docker run maxgerhardson/sentrik scan

Quick Start

# 1. Initialize your project (auto-detects language, frameworks, CI)
sentrik init

# 2. Scan your code
sentrik scan

# 3. Enforce the gate in CI (exit 1 on failure)
sentrik gate

# 4. Launch the dashboard
sentrik dashboard

Free Tier (forever, no credit card)

Sentrik includes 5 standards packs with 158 rules for free:

Pack                  | Rules | What it catches
OWASP Top 10          | 69    | SQL injection, XSS, auth flaws, SSRF, and more
SOC 2                 | 30    | Trust services criteria for security & availability
Python Security       | 18    | eval/exec, pickle, subprocess, Django/Flask vulns
Go Security           | 15    | Injection, crypto misuse, unsafe, concurrency bugs
Supply Chain Security | 26    | SLSA, SBOM, dependency integrity, AI tool supply chain

Plus built-in commands at every tier:

  • sentrik scan / sentrik gate - Scan and enforce
  • sentrik vulns - Dependency vulnerability scanning (CVEs)
  • sentrik sbom - Software bill of materials
  • sentrik secrets - Hardcoded secrets detection
  • sentrik dashboard - Web UI with findings, charts, and reports
  • sentrik threat-model - STRIDE threat analysis
  • sentrik quality-score - Code quality scoring (0-100)

Paid Tiers

Feature                         | Free | Team ($29/mo) | Organization ($99/mo)
Standards packs                 | 5    | 16            | 22
OWASP, SOC 2, Supply Chain      | Yes  | Yes           | Yes
HIPAA, PCI-DSS, ISO 27001, GDPR | -    | Yes           | Yes
FDA IEC 62304, NIST, CMMC       | -    | Yes           | Yes
MISRA-C, DO-178C, ISO 26262     | -    | -             | Yes
Vulnerability scanning          | Yes  | Yes           | Yes
Dashboard                       | Yes  | Yes           | Yes
Work item reconciliation        | -    | Yes           | Yes
Custom rules                    | -    | -             | Enterprise
Parallel scanning               | -    | -             | Yes
Governance & audit log          | -    | -             | Enterprise


CI/CD Integration

GitHub Actions (Marketplace)

# .github/workflows/sentrik.yml
name: Sentrik Gate
on: [pull_request]
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: maxgerhardson/sentrik-community@v1

That's it — one line. The action auto-detects PR context, runs the gate, uploads SARIF to GitHub Code Scanning, and attaches the findings report as an artifact.

With options:

      - uses: maxgerhardson/sentrik-community@v1
        with:
          packs: "owasp-top-10,soc2,supply-chain-security"
          fail-on: "critical,high"
          license-key: ${{ secrets.SENTRIK_LICENSE_KEY }}

Using outputs:

      - uses: maxgerhardson/sentrik-community@v1
        id: sentrik
      - run: echo "Found ${{ steps.sentrik.outputs.findings-count }} findings"
        if: always()

GitLab CI

sentrik:
  image: maxgerhardson/sentrik:latest
  script:
    - sentrik gate --git-range "origin/main...HEAD"
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

Azure Pipelines

- script: |
    npm install -g sentrik
    sentrik gate --git-range "origin/main...HEAD"
  displayName: Sentrik Gate

AI Agent Integration

Sentrik works as an MCP server for AI coding agents:

# Start MCP server for Claude Code, Cursor, VS Code
sentrik mcp-server

The MCP server gives AI agents real-time access to compliance rules, scan results, and remediation guidance — so they write compliant code from the start.

Example Configurations

Starter (web app)

# .sentrik/config.yaml
standards_packs:
  - owasp-top-10
  - supply-chain-security
gate:
  fail_on:
    - critical
    - high

Healthcare / Medical Device

standards_packs:
  - owasp-top-10
  - hipaa
  - fda-iec-62304
  - supply-chain-security
gate:
  fail_on:
    - critical
    - high
    - medium

Fintech

standards_packs:
  - owasp-top-10
  - pci-dss
  - soc2
  - supply-chain-security
gate:
  fail_on:
    - critical
    - high

Government / Defense

standards_packs:
  - owasp-top-10
  - nist-800-53
  - cmmc
  - supply-chain-security
gate:
  fail_on:
    - critical
    - high
    - medium

Community

  • Discussions - Ask questions, share tips, show what you've built
  • Issues - Report bugs or request features
  • Documentation - Full CLI reference, configuration guide, API docs

Support

Channel            | For
GitHub Discussions | Questions, ideas, community help
[email protected]  | Direct support (paid tiers)
[email protected]  | Pricing and licensing

License

Proprietary. Free tier available forever with no credit card required.
