What you'll build
By the end of this tutorial, you'll have sentrik scanning your project against OWASP Top 10 security rules and blocking non-compliant PRs in CI/CD.
Total time: about 5 minutes. Config files needed: zero.
1. Install (30 seconds)
```shell
pip install sentrik
```
That's all you need (Python 3.11+, macOS/Linux/Windows). Installing gives you the free tier immediately — 6 standards packs, no license key, no sign-up.
2. Scan (30 seconds)
```shell
cd your-project
sentrik scan
```
That's it. No init, no wizard, no config file. sentrik auto-detects your project:
- Languages — from file markers (pyproject.toml, package.json, go.mod, etc.)
- CI platform — from .github/, azure-pipelines.yml, .gitlab-ci.yml
- Standards packs — OWASP Top 10 always, plus IEC 62304 or SOC2 if your README mentions them
You'll see output like:
```
Detected: python, javascript · CI: github · Packs: owasp-top-10
Scanning 47 files against 22 rules...
CRITICAL OWASP-A03-005 src/api.py:42 eval() executes arbitrary code
HIGH OWASP-A01-001 src/auth.py:18 Hardcoded credentials detected
MEDIUM OWASP-A02-001 src/crypto.py:9 Weak hashing algorithm (MD5)
3 findings (1 critical, 1 high, 1 medium)
```
Results are written to out/findings.json (machine-readable) and out/report.md (human-readable).
3. Gate (15 seconds)
```shell
sentrik gate
```
The gate exits with code 0 (pass) or 1 (fail). By default, critical and high findings fail the gate. Fix those findings, re-run, and the gate passes.
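If you want a stricter or looser threshold than the built-in gate, or need to gate on the findings file from a separate pipeline step, a small reader over out/findings.json does the job. This is an added example, not sentrik's own code; it assumes the file is a JSON list of objects with `severity`, `rule`, `file`, `line` and `message` keys, a schema inferred from the scan output above rather than from sentrik's documentation.

```python
"""Added example, not sentrik's own code: a custom severity gate over a
findings file. Assumed schema (inferred from the scan output, not from
sentrik's docs): a JSON list of {severity, rule, file, line, message}."""
import json
import sys
from collections import Counter
from pathlib import Path

# Higher rank = more severe; unknown severities rank 0 and never block.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

# Constructed sample mirroring the three findings printed by `sentrik scan`.
SAMPLE_FINDINGS = [
    {"severity": "CRITICAL", "rule": "OWASP-A03-005", "file": "src/api.py",
     "line": 42, "message": "eval() executes arbitrary code"},
    {"severity": "HIGH", "rule": "OWASP-A01-001", "file": "src/auth.py",
     "line": 18, "message": "Hardcoded credentials detected"},
    {"severity": "MEDIUM", "rule": "OWASP-A02-001", "file": "src/crypto.py",
     "line": 9, "message": "Weak hashing algorithm (MD5)"},
]

def summarize(findings):
    """One-line tally in the CLI's style: '3 findings (1 critical, 1 high, 1 medium)'."""
    counts = Counter(f["severity"].upper() for f in findings)
    parts = [f"{counts[s]} {s.lower()}" for s in SEVERITY_RANK if counts[s]]
    return f"{len(findings)} findings ({', '.join(parts)})"

def gate(findings, fail_on="HIGH"):
    """Return (exit_code, blocking_findings). fail_on='HIGH' mirrors the default gate."""
    threshold = SEVERITY_RANK[fail_on.upper()]
    blocking = [f for f in findings
                if SEVERITY_RANK.get(f["severity"].upper(), 0) >= threshold]
    return (1 if blocking else 0), blocking

def load_findings(path):
    """Read findings from disk (out/findings.json after `sentrik scan`)."""
    return json.loads(Path(path).read_text(encoding="utf-8"))

if __name__ == "__main__":
    source = sys.argv[1] if len(sys.argv) > 1 else None
    findings = load_findings(source) if source else SAMPLE_FINDINGS
    code, blocking = gate(findings, fail_on="HIGH")
    for f in blocking:
        print(f"{f['severity']:8} {f['rule']} {f['file']}:{f['line']} {f['message']}")
    print(summarize(findings))
    sys.exit(code)  # 0 passes, 1 fails, same contract as `sentrik gate`
```

Run it as `python gate.py out/findings.json` after a scan; with no argument it gates the constructed sample and exits 1.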
4. Customize (optional)
Want to lock in your settings? Generate a config file:
```shell
sentrik init --no-interactive
```
This creates .sentrik/config.yaml with auto-detected defaults. Commit it to share settings with your team. Or run sentrik init for the interactive wizard.
Add more standards packs:
```shell
sentrik add-pack fda-iec-62304   # Medical device (IEC 62304)
sentrik add-pack soc2            # SOC2 compliance
```
5. Add to CI/CD (2 minutes)
Add this to your GitHub Actions workflow:
```yaml
# .github/workflows/sentrik.yml
name: sentrik Gate
on: [pull_request]
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # checkout defaults to a depth-1 clone, which has no origin/main ref;
          # fetch full history so --git-range "origin/main...HEAD" can resolve.
          fetch-depth: 0
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install sentrik
      - run: sentrik gate --git-range "origin/main...HEAD"
```
Every PR is now gated. Non-compliant code can't merge.
Bonus: VS Code / Cursor Extension
Install the sentrik extension and findings appear inline on save. It auto-initializes on first open, scans in the background on every save, and shows the finding count in the status bar. Zero interaction needed.
Bonus: Dashboard
```shell
sentrik dashboard
```
The sentrik dashboard opens automatically — a web UI showing findings, rules, governance policies, and scan trends. Use --no-open to disable auto-launch.
Bonus: Auto-Remediation
Found vulnerable dependencies? Fix them automatically:
```shell
sentrik vulns --fix              # Apply version bumps locally
sentrik vulns --fix --create-pr  # Generate a pull request with fixes
```
For code findings, sentrik apply-patches applies auto-fixes like replacing eval() calls, switching weak crypto, and commenting out unsafe patterns.
Bonus: Supply Chain
Generate a Software Bill of Materials and check for known vulnerabilities:
```shell
sentrik sbom   # Generate SBOM (CycloneDX / SPDX)
sentrik vulns  # Check dependencies against OSV.dev
```
Works with package.json, requirements.txt, Cargo.toml, go.mod, and lockfiles.
What's next
- Configuration reference — all `.sentrik/config.yaml` options
- Standards packs — IEC 62304, OWASP, SOC2, HIPAA, PCI DSS, ISO 27001, PHP Security, Kotlin Security
- Dashboard guide — full walkthrough
- CLI reference — all 30+ commands including `sbom`, `vulns`, `licenses`
- MCP Integration — connect sentrik to Claude Code, Cursor, and VS Code
- API reference — 75+ REST API endpoints
Questions? Email us at info@sentrik.dev.