
Quickstart

Get scanning in under a minute. No config files needed.

1. Install

npm install -g sentra

No Python or runtime dependencies needed.

2. Scan your code

cd your-project
sentra scan

sentra auto-detects your project — languages, CI platform, and applicable standards packs. No wizard, no prompts. Findings are written to out/:

  • findings.json — machine-readable findings
  • report.md — human-readable summary
  • next_actions.md — prioritized action items
  • scan_metrics.json — performance metrics

3. Enforce the gate

sentra gate

Exits with code 0 (pass) or 1 (fail). By default, critical and high severity findings fail the gate.

4. Scope to changed files

For faster CI/CD runs, scope to only changed files:

# Staged files (pre-commit)
sentra scan --staged

# PR diff
sentra gate --git-range "origin/main...HEAD"
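The PR-diff gate above as a CI script, added here as an example that is not part of the sentra docs: it wraps `sentra gate --git-range` and fails clearly when the base ref is missing, which is what happens in a shallow CI clone. The script name, the `$1` base-ref argument and the exit codes 2 and 127 are conventions of this example; only `sentra gate --git-range` and the out/ files come from the page.

```shell
#!/usr/bin/env bash
# Added example (not from the sentra docs): a CI step that runs the sentra
# gate scoped to the PR diff, using the --git-range form from step 4.
# Conventions of this script, not of sentra: base ref in $1 (default
# origin/main), exit 2 when the base ref is missing (shallow clone), exit
# 127 when sentra is not installed. sentra itself exits 0 (pass) or 1 (fail).
set -u

# Build the "base...HEAD" range. Three dots = merge-base diff, i.e. only the
# commits on the PR branch, which is the form the quickstart uses.
gate_range() {
  local base="${1:-origin/main}"
  printf '%s...HEAD' "$base"
}

# Run the gate on the PR diff and print the prioritized action items
# (out/next_actions.md, written by the scan) when it fails.
run_pr_gate() {
  local base="${1:-origin/main}"
  local range
  range="$(gate_range "$base")"

  if ! command -v sentra >/dev/null 2>&1; then
    echo "run_pr_gate: sentra not found; run 'npm install -g sentra'" >&2
    return 127
  fi

  # CI runners often clone shallowly; then origin/main does not exist and
  # the range cannot be resolved. Fail loudly instead of scanning nothing.
  if ! git rev-parse --verify --quiet "$base" >/dev/null 2>&1; then
    echo "run_pr_gate: base ref '$base' not found; fetch it before gating" >&2
    return 2
  fi

  if sentra gate --git-range "$range"; then
    echo "sentra gate: PASS ($range)"
    return 0
  fi
  echo "sentra gate: FAIL ($range)" >&2
  [ -f out/next_actions.md ] && cat out/next_actions.md >&2
  return 1
}

# Only gate when a base ref is given on the command line, e.g.
#   ./pr_gate.sh origin/main
if [ -n "${1:-}" ]; then
  run_pr_gate "$1"
fi
```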

5. Customize (optional)

Lock in your settings with a config file:

sentra init --no-interactive    # Auto-detected defaults → .sentra/config.yaml
sentra init                     # Interactive wizard → .sentra/config.yaml

The .sentra/ directory structure:

.sentra/
  config.yaml     # Main config (commit to git)
  rules/          # Custom rules (optional)
  .gitignore      # Ignores local/
  local/          # Machine-local state (not committed)

Migrating from .guard.yaml

If you have an existing .guard.yaml, run sentra migrate to copy it to .sentra/config.yaml. Both formats are fully supported.

6. Enable standards packs

OWASP Top 10 is always enabled by default. Add more:

sentra add-pack fda-iec-62304    # Medical device (IEC 62304)
sentra add-pack soc2             # SOC2 compliance

List available packs:

sentra list-packs

7. Start the dashboard

sentra serve

Open http://localhost:8000/dashboard for the management console.

Next steps