Getting Started with sentrik in 5 Minutes

Install sentrik, scan your code, and enforce a quality gate — all in under 5 minutes. Zero config required.

What you'll build

By the end of this tutorial, you'll have sentrik scanning your project against OWASP Top 10 security rules and blocking non-compliant PRs in CI/CD.

Total time: about 5 minutes. Config files needed: zero.

1. Install (30 seconds)

npm install -g sentrik

The npm package downloads a platform-specific binary automatically: no Python, no runtime dependencies. Both the sentrik and guard commands are installed. That's all you need.

2. Scan (30 seconds)

cd your-project
sentrik scan

That's it. No init, no wizard, no config file. sentrik auto-detects your project:

  • Languages — from file markers (pyproject.toml, package.json, go.mod, etc.)
  • CI platform — from .github/, azure-pipelines.yml, .gitlab-ci.yml
  • Standards packs — OWASP Top 10 always, plus IEC 62304 or SOC2 if your README mentions them

You'll see output like:

Detected: python, javascript · CI: github · Packs: owasp-top-10
Scanning 47 files against 22 rules...

CRITICAL  OWASP-A03-005  src/api.py:42    eval() executes arbitrary code
HIGH      OWASP-A01-001  src/auth.py:18   Hardcoded credentials detected
MEDIUM    OWASP-A02-001  src/crypto.py:9  Weak hashing algorithm (MD5)

3 findings (1 critical, 1 high, 1 medium)

Results are written to out/findings.json (machine-readable) and out/report.md (human-readable).

3. Gate (15 seconds)

sentrik gate

The gate exits with code 0 (pass) or 1 (fail), so any CI step that runs it fails the job automatically. By default, critical and high findings fail the gate; medium and lower findings are reported but do not block. Fix the blocking findings, re-run, and the gate passes.
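To make the gate decision concrete, here is an added example that re-implements the default policy over out/findings.json in plain Python. It is illustrative code, not part of sentrik: it assumes findings.json has the shape {"findings": [{"severity", "rule", "file", "line", "message"}]} (check your own output and adjust if the real schema differs), and the optional changed-files filter mimics what --git-range does in CI, so pre-existing debt outside the PR does not block it. The sample findings are constructed to mirror the scan output shown above.

```python
"""Stand-alone severity gate over sentrik's findings.json (added example, not sentrik code).

ASSUMED schema: {"findings": [{"severity": "HIGH", "rule": "OWASP-A01-001",
"file": "src/auth.py", "line": 18, "message": "..."}]}.
"""
import json
import sys
from pathlib import Path

# Rank used for the "at or above" comparison; anything unknown ranks 0 (never blocks).
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample mirroring the three findings from the scan output above.
SAMPLE_FINDINGS = {
    "findings": [
        {"severity": "CRITICAL", "rule": "OWASP-A03-005", "file": "src/api.py",
         "line": 42, "message": "eval() executes arbitrary code"},
        {"severity": "HIGH", "rule": "OWASP-A01-001", "file": "src/auth.py",
         "line": 18, "message": "Hardcoded credentials detected"},
        {"severity": "MEDIUM", "rule": "OWASP-A02-001", "file": "src/crypto.py",
         "line": 9, "message": "Weak hashing algorithm (MD5)"},
    ]
}


def load_findings(path):
    """Read the (assumed) findings.json layout and return the list of findings."""
    data = json.loads(Path(path).read_text(encoding="utf-8"))
    return data["findings"]


def blocking_findings(findings, fail_on="HIGH", changed_files=None):
    """Return findings whose severity is at or above `fail_on`.

    If `changed_files` is given, only findings in those files count, which is
    the same idea as gating a git range instead of the whole repository.
    """
    threshold = SEVERITY_RANK[fail_on.upper()]
    blocking = []
    for finding in findings:
        rank = SEVERITY_RANK.get(finding["severity"].upper(), 0)
        if rank < threshold:
            continue
        if changed_files is not None and finding["file"] not in changed_files:
            continue
        blocking.append(finding)
    return blocking


def gate(findings, fail_on="HIGH", changed_files=None):
    """Return (exit_code, blocking) where exit_code is 0 for pass and 1 for fail."""
    blocking = blocking_findings(findings, fail_on, changed_files)
    return (1 if blocking else 0), blocking


def main(argv):
    # usage: gate.py [findings.json] [HIGH|CRITICAL|MEDIUM|LOW] [changed file ...]
    path = argv[1] if len(argv) > 1 else "out/findings.json"
    fail_on = argv[2] if len(argv) > 2 else "HIGH"
    changed = set(argv[3:]) or None
    findings = load_findings(path) if Path(path).exists() else SAMPLE_FINDINGS["findings"]
    code, blocking = gate(findings, fail_on, changed)
    for f in blocking:
        print(f"{f['severity']:9}{f['rule']:15}{f['file']}:{f['line']}  {f['message']}")
    print(f"gate: {'FAIL' if code else 'PASS'} ({len(blocking)} blocking, threshold {fail_on})")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the sample data fail on the critical and high findings; pass `out/findings.json CRITICAL` to raise the threshold, or append the files a PR touched to restrict the gate to them. The exit code is the whole contract, which is why the CI step in section 5 needs nothing beyond running the command.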

4. Customize (optional)

Want to lock in your settings? Generate a config file:

sentrik init --no-interactive

This creates .sentrik/config.yaml with auto-detected defaults. Commit it to share settings with your team. Or run sentrik init for the interactive wizard.

Add more standards packs:

sentrik add-pack fda-iec-62304    # Medical device (IEC 62304)
sentrik add-pack soc2             # SOC2 compliance

5. Add to CI/CD (2 minutes)

Add this to your GitHub Actions workflow:

# .github/workflows/sentrik.yml
name: sentrik Gate
on: [pull_request]

jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so origin/main exists for the git range below;
          # the default shallow checkout (fetch-depth: 1) would not have it.
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: npm install -g sentrik
      # Gate only the commits in this PR, not the whole repository.
      - run: sentrik gate --git-range "origin/main...HEAD"

Every PR now runs the gate. Mark the sentrik Gate check as required in your branch protection rule (or ruleset) so that a failing gate actually blocks the merge; without that, the red check is advisory only.

Bonus: VS Code / Cursor Extension

Install the sentrik extension and findings appear inline as you type. It auto-initializes on first open, scans in the background on every save, and shows the finding count in the status bar. Zero interaction needed.

Bonus: Dashboard

sentrik serve

Open http://localhost:8000/dashboard for a web UI showing findings, rules, governance policies, and scan trends.

What's next

Questions? Email us at info@sentrik.dev.