Early Access

Stop auditing AI code by hand

Sentrik scans every commit against 22 regulatory frameworks, blocks non-compliant code in CI, and generates audit evidence automatically. One CLI. Zero config.

The Problem

AI writes code faster than humans can review it. Compliance can't keep up.

6 weeks: average time to prepare compliance evidence for a single audit

4–5 tools: required today to cover security, compliance, and audit evidence

36%: of AI-generated code contains security vulnerabilities [Stanford]

526: rules across 22 regulatory frameworks, ready out of the box

Three Commands. Full Compliance.

1. Scan: sentrik scan

526 rules check your code against IEC 62304, HIPAA, SOC2, OWASP, GDPR, EU AI Act, NIST 800-53, and 15 more frameworks. Findings map to specific regulatory clauses.

2. Gate: sentrik gate

Block non-compliant code in CI. PR comments show exactly which regulation you're violating.

  - name: Compliance Gate
    run: |
      sentrik gate \
        --git-range origin/main...HEAD \
        --decorate-pr

3. Ship: sentrik attest

Generate cryptographically signed attestations, per-framework compliance reports, and audit-ready evidence bundles. No more 6-week evidence sprints.

See It In Action


A Compliance Dashboard That Actually Helps

Real-time compliance scores, findings browser, AI-powered fixes, and one-click audit evidence — all in the browser.

Compliance Overview

See your compliance score, finding counts by severity, gate status, and scan duration at a glance. Governance banners flag when human review is required before merge.

Compliance Evidence Map

Most tools only show what's wrong. Sentrik also shows what's right. The Evidence Map pinpoints exactly where your code satisfies each regulatory requirement — with file, line number, and matched pattern. Auditors see proof of compliance, not just a list of violations.

Findings with Code Context

Every finding shows the exact file, line number, regulatory clause, and code snippet. Filter by severity, rule, or framework. Export to CSV for auditors.

Requirement Drift Detection

Sentrik compares your code against documented requirements and flags when they diverge. When drift is detected, work items are automatically created in GitHub Issues, Azure DevOps, or Jira — assigned, labeled, and linked to the finding. No manual triage.

Fix with AI

Click any finding, chat with an LLM, and apply the fix — all from the browser. Compliance officers triage findings without touching an IDE.

STRIDE Threat Modeling

An LLM analyses your code for spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege threats. Filter by STRIDE category or severity, discuss mitigations with AI, and track remediation status.

AI-Assisted Code Generation

Claude Code, Cursor, and VS Code call Sentrik via MCP. The AI checks compliance rules before writing code — so generated code passes the gate on the first try. The VS Code extension scans on every save with inline diagnostics.

Code Intelligence

Sentrik understands your codebase — it scores quality, profiles your stack, and knows who should review what.

Quality Gradient Scoring

A 0–100 quality score across six dimensions: compliance, complexity, test coverage, documentation, consistency, and dependency health. Track trends over time and set minimum thresholds in your gate.

Project Profile & Expertise Tracking

Auto-detects languages, frameworks, architecture patterns, and conventions. Builds developer expertise profiles from git history. When a PR touches code outside someone's expertise, it flags it for senior review.

One Tool. Full Compliance Lifecycle.

Scan in Seconds

526 rules across 22 frameworks. SQL injection, hardcoded secrets, AI model security, supply chain risks — mapped to specific regulatory clauses.

Gate Every PR

Block non-compliant code in CI/CD. GitHub Actions, Azure Pipelines, GitLab CI. PR comments show exactly which rule was violated.


Audit Evidence

Per-framework compliance reports, trust center pages, signed attestations, and audit-ready ZIP bundles. Generated in seconds.


Supply Chain Security

SBOM generation, CVE scanning against OSV.dev, license compliance, and secrets detection. Auto-fix vulnerable deps and create PRs.


Code Intelligence

Quality scoring, project profiling, expertise-gap detection, and design decision auditing with AI-powered review.


Full Traceability

Requirements → code → tests → work items → audit evidence. Detect requirement drift automatically and create work items in GitHub, Azure DevOps, or Jira.

Works With Your Stack

CI/CD: GitHub Actions, Azure Pipelines, GitLab CI
Work Items: GitHub Issues, Azure DevOps, Jira
AI Agents (MCP): Claude Code, Cursor, Cline
Editors: VS Code, Cursor, LSP (any editor)
Distribution: npm, Docker, pip
Output: SARIF, JUnit XML, CycloneDX

Built for Regulated Industries

From medical devices to aviation software — Sentrik is designed for teams where compliance isn't optional.


Air-Gapped Ready

Offline license validation via HMAC. No phone-home, no cloud dependency. Works in classified and air-gapped environments.


Auditor Portal

Dedicated read-only portal for compliance auditors. Generate access tokens, share evidence bundles, and export audit-ready ZIPs.


Governance Profiles

Three profiles — strict, standard, permissive — control human review gates, auto-patching, and gate thresholds per software safety class.

Signed Attestations

Cryptographic HMAC-SHA256 signatures on every compliance attestation. Tamper-evident audit trails with per-entry integrity verification.
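To make the two claims above concrete, here is an added illustration (not Sentrik's own code or format) of an HMAC-SHA256 signed attestation and a tamper-evident audit trail in which every entry carries its own MAC and is chained to the previous entry. The key, field names, and JSON layout are assumptions chosen for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment loads it from a secret store or license file.
KEY = b"demo-attestation-key"


def canonical(obj):
    """Deterministic JSON encoding so the same record always MACs to the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_attestation(attestation, key=KEY):
    """Return a copy of the attestation with an HMAC-SHA256 signature over its canonical form."""
    sig = hmac.new(key, canonical(attestation), hashlib.sha256).hexdigest()
    return {**attestation, "signature": sig}


def verify_attestation(signed, key=KEY):
    """Recompute the signature over every field except 'signature' and compare in constant time."""
    body = {k: v for k, v in signed.items() if k != "signature"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed.get("signature", ""))


def append_entry(trail, event, key=KEY):
    """Append an audit entry whose MAC also covers the previous entry's MAC (a hash chain)."""
    prev = trail[-1]["mac"] if trail else ""
    body = {"seq": len(trail), "prev": prev, "event": event}
    mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    trail.append({**body, "mac": mac})
    return trail


def verify_trail(trail, key=KEY):
    """Return the index of the first entry that fails, or -1 if the whole trail checks out.

    Per-entry MACs catch edits; the seq/prev chain catches deleted or reordered entries.
    """
    prev = ""
    for i, entry in enumerate(trail):
        body = {k: v for k, v in entry.items() if k != "mac"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if (entry.get("seq") != i or entry.get("prev") != prev
                or not hmac.compare_digest(expected, entry.get("mac", ""))):
            return i
        prev = entry["mac"]
    return -1
```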

22 Regulatory Frameworks. Built In.

Medical devices, fintech, healthcare, automotive, aviation, embedded systems.

OWASP Top 10: Web application security
SOC 2: Trust services criteria
HIPAA: Healthcare data protection
PCI DSS: Payment card security
ISO 27001: Information security
GDPR: Data protection & privacy
IEC 62304: Medical device software
EU AI Act: AI system governance
NIST 800-53: Federal security controls
CMMC 2.0: Defense contractor security
Supply Chain: SLSA, SBOM, dependency integrity
NIST AI RMF: AI risk management

Plus DO-178C, ISO 26262, MISRA C/C++, ISO 14971, IEC 81001-5-1, 21 CFR Part 11, and language-specific packs for Python, Go, PHP, and Kotlin

Choose Your Plan

Start free. Upgrade when you need more frameworks or enterprise features.

Free

Free

  • 5 standards packs (158 rules)
  • OWASP Top 10, SOC 2, Python, Go, Supply Chain
  • CLI scanning & gate
  • Dashboard & Evidence Map
  • VS Code extension
  • GitHub Action
  • Risk scoring on findings
  • SBOM, CVE scanning, secrets detection

Organization

Contact us

  • Everything in Team
  • 22 standards packs (526 rules)
  • MISRA-C, DO-178C, ISO 26262
  • ISO 14971, IEC 81001-5-1, 21 CFR Part 11
  • Parallel scanning
  • Custom rule packs
  • Governance profiles & audit log

Enterprise

Contact us

  • Everything in Organization
  • Seat management & SSO
  • Async approval workflows
  • Auditor portal with token access
  • GRC platform integration
  • Dedicated support
  • Custom SLA

Get Free Access

Enter your email to get the install command. 5 packs, 158 rules.

Request Team or Enterprise Access

We're onboarding design partners in medical devices, fintech, and SaaS.