open-source security scanner

Catch what's hiding
in your code.

Sentinel scans any repository for exposed secrets, vulnerable dependencies, and risky patterns — in seconds, right in your browser.

Exposed secrets

API keys, tokens, and private keys — detected and redacted, never echoed back.

Vulnerable dependencies

Live CVE data from OSV.dev, with the exact fixed version for every finding.

Risky patterns

eval, shell injection, weak crypto, unsafe HTML rendering, and more.

Your code is scanned in your browser — it never leaves this page. Only dependency names are sent to look up CVEs.

Scan a repository

Paste a package.json or code, or drop in files or a whole folder.