open-source security scannerCatch what's hiding
Catch what's hiding
in your code.
Sentinel scans any repository for exposed secrets, vulnerable dependencies, and risky patterns — in seconds, right in your browser.
Exposed secrets
API keys, tokens, and private keys — detected and redacted, never echoed back.
Vulnerable dependencies
Live CVE data from OSV.dev, with the exact fixed version for every finding.
Risky patterns
eval, shell injection, weak crypto, unsafe HTML rendering, and more.
Your code is scanned in your browser — it never leaves this page. Only dependency names are sent to look up CVEs.
Scan a repository
Paste a package.json or code, or drop in files or a whole folder.