Stop triaging. Start resolving.
Sentinel is an AI-powered action inbox for security teams. It ingests findings from every scanner you run, ranks them by real business impact, and hands your team a prioritised queue to clear — cutting mean time to resolution from days to under four hours.
The problem
Security teams drown in alerts. Six tools, six inboxes, thousands of findings per day — most of which are noise. Engineers spend 60% of their time triaging rather than remediating. The ones that matter get buried. Sentinel changes the economics: every finding is scored, deduped, and ranked before it reaches your team. You see three next steps, not three thousand alerts.
Three steps from scan to resolution
Scan
Connect GitHub and Kubernetes in five minutes. Sentinel ingests findings from vulnerability scanners, chaos experiments, resilience budgets, config drift detectors, GitHub Advisories, and OSV — in parallel, on every synthesis run.
Rank
Claude (Sonnet) processes all findings, deduplicates noise, and scores each by exploitability × blast radius ÷ effort. Business context is applied automatically — a vulnerability in non-production code ranks lower than the same issue in a payment path.
Clear
Your team sees a ranked queue. Claim an item, work through the remediation hint, mark it done. Every action is written to an append-only audit log. Slack notifications route the right findings to the right channels automatically.
How findings are scored
Every finding is scored using a business-impact formula before it reaches your queue:
| Factor | Range | What it measures |
|---|---|---|
| Exploitability | 0 – 1 | How easy is it to exploit? 0 = theoretical, 1 = trivial and in the wild |
| Blast radius | 0 – 1 | How many users / systems are affected? 0 = isolated dev env, 1 = all production traffic |
| Effort | 1 – 10 | How much work to fix? 1 = one-line change, 10 = multi-sprint refactor |
Claude also assigns a confidence score (0–100%) indicating how certain the ranking is, and a first step — a specific, actionable remediation hint rather than a generic advisory.
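The formula above (exploitability × blast radius ÷ effort) worked through on a few findings, as an added example that is not Sentinel's own code. The field names, the dedup key (rule plus asset), the tie-breaking order and the sample findings are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    source: str            # scanner that reported it
    rule_id: str           # advisory/rule identifier (constructed placeholders below)
    asset: str             # affected service or environment
    exploitability: float  # 0-1, per the table above
    blast_radius: float    # 0-1
    effort: int            # 1-10

    def __post_init__(self):
        # Reject out-of-range factors instead of silently producing a skewed score.
        if not (0 <= self.exploitability <= 1 and 0 <= self.blast_radius <= 1):
            raise ValueError("exploitability and blast_radius must be within 0-1")
        if not 1 <= self.effort <= 10:
            raise ValueError("effort must be within 1-10")

    @property
    def score(self) -> float:
        return self.exploitability * self.blast_radius / self.effort

def rank(findings):
    """Merge duplicates (same rule on the same asset), then sort by score."""
    merged = {}
    for f in findings:
        key = (f.rule_id, f.asset)  # assumed dedup key
        best, sources = merged.get(key, (f, set()))
        if f.score > best.score:
            best = f
        merged[key] = (best, sources | {f.source})
    # Highest score first; ties go to the cheaper fix, then the rule id.
    ordered = sorted(merged.values(),
                     key=lambda m: (-m[0].score, m[0].effort, m[0].rule_id))
    return [(round(b.score, 4), b.rule_id, b.asset, sorted(s)) for b, s in ordered]

# Constructed sample findings.
SAMPLE = [
    Finding("osv", "EXAMPLE-0001", "payments-api", 0.9, 1.0, 2),
    Finding("github-advisories", "EXAMPLE-0001", "payments-api", 0.8, 1.0, 2),
    Finding("osv", "EXAMPLE-0001", "dev-sandbox", 0.9, 0.1, 2),
    Finding("semantic-scan", "EXAMPLE-0002", "auth-service", 1.0, 0.8, 10),
]

if __name__ == "__main__":
    for row in rank(SAMPLE):
        print(row)
```

The same rule scores 0.45 on the payment path and 0.045 in the dev sandbox, and a trivially exploitable issue that needs a multi-sprint fix lands between them at 0.08.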
What Sentinel synthesizes
Sentinel runs six synthesizers in parallel on every scan:
GitHub semantic scan
Claude reviews your source files for vulnerabilities, anti-patterns, and exploit chains. Fetches the live file tree and performs semantic analysis — not just pattern matching.
GitHub Advisories
Pulls Dependabot/advisory alerts from your repositories via the GitHub GraphQL API. Maps CVEs to your actual dependency tree.
OSV (osv.dev)
Cross-references your codebase against the Open Source Vulnerability database for known CVEs across all ecosystems.
Resilience budget (B_R)
Analyses FKE topology and resilience budget drawdown. Surfaces runtime failure modes before they cascade.
Chaos experiments
Ingests fault injection results from your chaos engineering runs. Turns experiment outcomes into actionable hardening items.
MACS consensus
Mycelial substrate config drift votes. Detects when your system's autonomous consensus layer diverges from the intended configuration.
From zero to your first ranked action in 5 minutes
Create a product
In the admin console, create a Client (your organisation) and a Product (one deployment you want monitored). Give it a name and slug.
Configure scan targets
Go to Scan Targets on the product page. Enter a GitHub personal access token (repo:read scope) and select the repositories to scan. Optionally add a Kubernetes API URL + token and select namespaces.
The minimum scope for the Kubernetes token is namespaces:read.
Run synthesis
Open the Action Digest and click Run Synthesis. Sentinel scans your connected sources and returns a ranked queue within 5 minutes.
Set up notifications (optional)
Go to Routing Rules to route findings by severity to Slack, email, or webhooks. CRITICAL findings can page on-call immediately; LOW findings can go to a weekly digest.
Invite your team
Go to Manage Team on the client page to add analysts and viewers. Analysts can claim, start, and resolve items. Viewers have read-only access to the digest.
What's included
Action inbox
Severity-filtered, ranked queue. Claim → start → resolve workflow. Confidence scores on every item.
Copy to Markdown
Export your entire action digest as structured Markdown for incident reports, PRs, or async standup.
Notification routing
Severity-based routing to Slack, email, and webhooks. Per-product rules, immediate or digest delivery.
Scan target management
GitHub token validation, repo selection, K8s namespace selection — all from the UI, no YAML required.
Team access control
Analysts can claim and resolve. Viewers are read-only. Admins manage configuration. Roles enforced at the API.
Audit trail
Append-only audit log for every action: item created, claimed, resolved, routing rule changed. 7-year retention.
Feedback loop
Rate ranking accuracy 1–5 stars on resolved items. Signals Claude's business context calibration.
Multi-tenant
One Sentinel instance, multiple clients. Row-level data isolation. Each client sees only their products.
Built for security-conscious teams
| Area | Details |
|---|---|
| Audit trail | Append-only audit_log table. No UPDATE or DELETE. Every admin action captured with actor email, timestamp, and payload. |
| Data retention | 7-year retention policy on all audit events. Aligned with SOC 2 and ISO 27001 requirements. |
| Credential storage | GitHub tokens and Kubernetes API credentials stored encrypted in Postgres JSONB. Never logged or exposed in API responses. |
| Authentication | Email + password with bcrypt hashing. JWT sessions (no server-side session store). Role-based access enforced at the database level via users.is_admin. |
| Multi-tenant isolation | All data scoped by client_id. API routes verify client ownership on every request. Team members cannot access other clients' data. |
| Infrastructure | Deployed on Vercel (SOC 2 Type II). Database on Neon (PostgreSQL, SOC 2). No self-hosted infrastructure to maintain. |
| AI processing | Security findings processed by Claude via the Anthropic API. No training on customer data. Anthropic's usage policies apply. |
Ready to clear your queue?
Sentinel is in private beta. Join the waitlist and we'll reach out when a spot opens — usually within a few days for teams actively managing security findings.
Or email alexander@inventerprises.se directly to discuss onboarding.