About sentrik

The Problem

AI coding agents — Copilot, Cursor, Claude Code — generate code faster than any team can review it. But regulated industries (medical devices, fintech, enterprise SaaS) need every line of code to meet compliance standards.

Manual code review doesn't scale. Existing static analysis tools don't understand regulatory standards. Teams are stuck choosing between speed and compliance.

The Solution

sentrik is a governance runtime that sits between AI agents and production. It scans code against regulatory standards (IEC 62304, OWASP, SOC2), gates PRs in CI/CD, traces findings to work items, and generates audit evidence — all automatically.

The free tier is genuinely useful with no limits. Enterprise features (parallel scan, audit logging, approval gates, custom packs) serve teams that need them.

What We've Built

• 2,350+ automated tests across the entire platform
• 75+ REST API endpoints for full programmatic control
• 14 standards packs — 8 free (IEC 62304, OWASP, SOC2, HIPAA, PCI DSS, ISO 27001, PHP Security, Kotlin Security) + 6 organization tier
• 30+ CLI commands — scan, gate, reconcile, sbom, vulns, licenses, compliance-report, trust-center, and more
• Confidence scoring — heuristic + LLM-based true-positive ranking
• Supply chain security — SBOM generation, vulnerability scanning, license compliance
• GRC platform integration — push evidence to Drata, Vanta, Secureframe via webhooks
• Multi-repo organization dashboards — aggregate compliance across all projects
• Auditor portals — time-boxed read-only access for external reviewers
• ASPM posture scoring — aggregate security posture across compliance, vulnerabilities, trends, and gate reliability
• MCP security audit — scan AI agent MCP configurations for credential exposure, shell injection, and excessive scope
• False positive tracking — per-scan suppression rate metrics for accuracy benchmarking

Contact

General: info@sentrik.dev

Support: support@sentrik.dev

Docs: docs.sentrik.dev