🛡️ Sentry - Open-Source Developer Security Agent

Sentry - Open-Source Developer Security Agent Sentry is a free, open-source security agent that helps developers catch security mistakes before they ship. It plugs directly into your workflow via GitHub Actions or a local CLI to find leaked secrets, vulnerable dependencies, and unsafe code.

🚨 The Problem: Security is Still an Afterthought In the race to build and ship features, it's easy to make mistakes. Developers unintentionally push API keys to public repos, ship outdated dependencies, or write unsafe code. Without an automated guard, these small mistakes can lead to major disasters. Sentry makes security automatic, so you can code with confidence.

✨ Core Features (OSS Edition)

🔍 Multi-Language Security Scanning

• 🔑 Secret Detection: Hardcoded API keys, tokens, passwords, .env values
• 🦠 Dependency Vulnerabilities: npm, pip package security issues
• 🐛 Code Patterns: SQL injection, XSS, unsafe coding patterns
• 🐳 Container Security: Dockerfile misconfigurations and vulnerabilities

🤖 Automated Workflow Integration

• GitHub Actions: Automatic PR scanning with detailed comments
• CLI Tool: Local development security checks
• CI/CD Ready: Exit codes for automated pipelines

⚡ Developer-Friendly

• Zero Configuration: Works out of the box
• Graceful Degradation: Runs available scanners when tools missing
• Fast Scanning: Parallel execution and optimized performance
• Clear Results: Color-coded severity levels and actionable insights

🛡️ Production-Grade Reliability

• Battle-tested Tools: Built on Semgrep, Trivy, npm audit, pip-audit
• Robust Error Handling: Won't crash your builds
• Professional Output: Clean formatting for teams and individuals

🚀 Quick Start in 60 Seconds

Method 1: GitHub Actions (Recommended)

Get automated security reviews on every pull request:

1. Create workflow file at .github/workflows/sentry.yml:

name: Sentry Security Scan
on: [pull_request]

jobs:
  sentry-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '18'
      - run: npm install -g sentry-agent
      - run: sentry-agent
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

2. That's it! Every PR will get automatic security scanning with results posted as comments.

Method 2: Local CLI

Scan your code locally before pushing:

# Install globally
npm install -g sentry-agent

# Scan your project (all scanners)
sentry-agent scan ./your-project-directory

# Scan specific types only
sentry-agent scan ./your-project-directory --scanner npm   # Node.js vulnerabilities only
sentry-agent scan ./your-project-directory --scanner pip   # Python vulnerabilities only  
sentry-agent scan ./your-project-directory --scanner semgrep # Code patterns only
sentry-agent scan ./your-project-directory --scanner trivy  # Container security only

Method 3: One-liner (No Installation)

npx sentry-agent scan ./your-project-directory

🤖 Project Context for AI Assistants (Cursor, etc.) Project Vision: The primary goal is to build a widely adopted open-source security tool (Sentry OSS) that serves as the foundation and growth engine for a commercial SaaS product (Sentry Pro). The OSS version must be fast, reliable, and provide immediate value.

Current Focus (Phase 1): Building the OSS CLI and GitHub Action. The core logic involves wrapping existing, battle-tested security tools like Semgrep and Trivy using Node.js's child_process, parsing their JSON output, and presenting it to the user in a clean format (either in the CLI or a GitHub PR comment).

Tech Stack:

CLI & GitHub Action: Node.js, TypeScript

Core Scanners (Wrapped): Semgrep, Trivy, npm audit, pip-audit

Key Libraries: commander.js (for CLI), @actions/github & octokit (for GitHub API), chalk (for CLI output styling)

🏆 Introducing Sentry Pro (Coming Soon!) The free OSS version will always be available and powerful. For growing teams, agencies, and businesses that need more, we're building Sentry Pro.

Sentry Pro will include:

AI-Powered Explanations & Fixes: Understand why something is a risk and get AI-suggested code patches.

Organizational Dashboard: A central place to view the security posture of all your repositories.

Policy Enforcement: Block pull requests from being merged if they contain critical security issues.

Multi-Client Dashboards & White-Label Reports: Perfect for agencies managing security for their clients.

Phase 1: Open Source (Sentry OSS)

Zero-config GitHub Action + CLI.

Free, plug-and-play, no AI costs.

Leverages existing OSS scanners (Semgrep, Trivy, pip-audit).

Growth loop: every PR comment has “Scanned by Sentry OSS” → organic marketing.

🔹 Phase 2: Growth & Adoption

Build community → ruleset contributions, stars, installs.

Blog/tutorials → “Top 5 mistakes Sentry caught this week.”

Target: 500+ repos using it, 500 waitlist signups for Pro.

🔹 Phase 3: Pro SaaS (Sentry Pro)

AI-Powered Explanations → LLM explains findings in plain English.

AI Fix Suggestions → draft patches or PRs.

Org Dashboard → repo trends, severity breakdown, compliance view.

Multi-Client Dashboards → for agencies.

Policy Enforcement → block merges if critical issues exist.

White-label Reports → agencies deliver to clients.

➡️ Join the waitlist for Sentry Pro and get early access!

📖 Documentation

• User Guide - Practical workflows and day-to-day usage scenarios
• Setup Guide - Detailed installation and configuration instructions
• Contributing - Guide for developers who want to contribute
• API Reference - Technical reference and integration documentation
• Learning Guide - Technical deep-dive into how Sentry works

🚨 Troubleshooting

"Tool not installed" warnings?

# Install missing security tools
pip install semgrep pip-audit
brew install trivy  # macOS
# See SETUP.md for complete instructions

GitHub Actions not running?

• Ensure .github/workflows/sentry.yml file exists
• Check that Actions are enabled for your repository
• Verify the workflow triggers on pull_request

Need help?

• 📋 Full Troubleshooting Guide
• 🐛 Report Issues
• 💬 GitHub Discussions

🤝 Contributing

Sentry is built by the community, for the community. We welcome all contributions!

• 🚀 Get Started - Development setup and contribution guide
• 🧪 Add New Scanners - Extend Sentry with new security tools
• 🐛 Report Bugs - Help us improve Sentry

📄 License

This project is licensed under the MIT License. See the LICENSE file for details.

🛡️ Stay secure. Ship with confidence.