Dependency Vulnerabilities
Click "Scan Dependencies" to check for known vulnerabilities
Governance Profile
Quick Setup
Choose a preset that matches your team's stage. You can fine-tune individual settings below.
Speed
For early-stage teams. Critical findings only block gate. AI agents operate with maximum autonomy.
Balanced
Recommended
For most teams. Critical and high findings block gate. Anomalous AI sessions flagged for review.
Strict
For regulated industries. Every AI action requires explicit scope. Human review gates on critical findings.
Human Review Gates
Auto-Patch & Gate
Findings
| Severity | Rule | File | Message |
|---|---|---|---|
Reports
Standards Packs
Active Rules
| ID | Name | Type | Severity |
|---|---|---|---|
Work Items
| ID | Title | State | Rule | Findings | |
|---|---|---|---|---|---|
| Select the Work Items tab to load data. | | | | | |
Integration
Connection Status
Configure Provider
Test connection to load available types
Auth: use OAuth above, or set AZURE_DEVOPS_PAT env var.
Auth: use OAuth above, or set GITHUB_TOKEN env var.
Story
Bug
Task
Epic
Sub-task
Requirement
Change Request
Auth: use OAuth above, or set JIRA_USER + JIRA_TOKEN env vars.
Agent Action Audit Log
Approval Requests
Human-in-the-loop approvals are a first-class governance primitive. Any agent action that exceeds your governance thresholds — gate failures, auto-patches, config changes, new dependencies — creates an approval request here. A security lead can approve (allow the action and record justification in the audit trail) or reject (block it). Agents can also call sentrik request-approval directly.
AI Activity
Sentrik auto-detects AI agents (Claude Code, Cursor, Copilot, Devin, CI pipelines) without requiring registration. Each agent gets a trust level that limits what it can do — commit code, apply fixes, add dependencies. Configure defaults in governance.agent_defaults. Register named agents with sentrik agent-register to pin a specific trust level via credential.
Task Sessions
Before making changes, agents declare what they intend to do and which files they are allowed to touch. Sentrik enforces that declaration and flags anything outside it.
Blast Radius Zones
File areas where agent changes carry the highest risk — access here triggers a warning, human approval, or a block depending on the zone
Anomaly Detection
Compares each agent session against recent history — flags sessions that touched unusually many files, hit new sensitive areas, or had a high violation rate
Active Sessions
AI agents Sentrik has detected running right now — identified by environment variables, process names, git author patterns, or registered credentials
Pending Agent Approvals
Actions an agent has requested but cannot proceed with until a human explicitly approves — e.g. auto-patching a dependency or writing to a config file
Activity Feed
Real-time log of every action an agent has taken — what it tried to do, which policy applied, and whether it was allowed or blocked
Registered Agents & Tool Grants
Named agent credentials and temporary elevated permissions granted to specific agents for specific tasks
Named Agent Credentials
Active Tool Grants
Quality Score
Overall Quality
No data yet
Score History
Project Profile
Design Decisions
Developer Expertise
Threat Model
Compliance Attestation
No attestation generated yet.
Run sentrik attest to generate a signed compliance attestation.
AI Attribution
Scans git history for Co-authored-by: trailers to identify AI-assisted commits. Required for EU AI Act Article 18 — high-risk AI systems must document and retain records of AI involvement for 10 years. No registration needed — works automatically from commit history.
Configuration
Scanner: Built-in Rules Engine
Your code is analyzed using deterministic pattern matching and AST checks from your enabled standards packs. External scanner integration (SARIF import, AI-powered analysis) is available via the config file.
AI Integration
Configure an LLM to enable "Fix with AI" chat in findings and vulnerability pages. Your API key is stored as an environment variable — it is never written to config files.
Scan History
Total Scans: --
Avg Findings: --
Pass Rate: --
Avg Duration: --
| Date | Command | Findings | Critical | High | Compliance | Gate | Duration |
|---|---|---|---|---|---|---|---|
Compliance Evidence Map
Shows where your code satisfies compliance requirements — not just violations, but proof of compliance.
| Rule | Clause | Requirement | Status | Evidence |
|---|---|---|---|---|
License Compliance
All
High 0
Medium 0
Low 0
None 0
| Package | Version | License | Risk | Copyleft |
|---|---|---|---|---|
| Click "Scan Licenses" to analyze dependency licenses | | | | |