chavatte/sentinel-ops


                              \\\\\\
                           \\\\\\\\\\\\
                          \\\\\\\\\\\\\\\
-------------,-|           |C>   // )\\\\|    .o88b. db   db  .d8b.  db    db  .d8b.  d888888b d888888b d88888b
           ,','|          /    || ,'/////|   d8P  Y8 88   88 d8' '8b 88    88 d8' '8b '~~88~~' '~~88~~' 88'  
---------,','  |         (,    ||   /////    8P      88ooo88 88ooo88 Y8    8P 88ooo88    88       88    88ooooo 
         ||    |          \\  ||||//''''|    8b      88~~~88 88~~~88 '8b  d8' 88~~~88    88       88    88~~~~~ 
         ||    |           |||||||     _|    Y8b  d8 88   88 88   88  '8bd8'  88   88    88       88    88.   
         ||    |______      ''''\____/ \      'Y88P' YP   YP YP   YP    YP    YP   YP    YP       YP    Y88888P
         ||    |     ,|         _/_____/ \
         ||  ,'    ,' |        /          |                 ___________________________________________
         ||,'    ,'   |       |         \  |              / \                                           \ 
_________|/    ,'     |      /           | |             |  |                                            | 
_____________,'      ,',_____|      |    | |              \ |      chavatte@duck.com                     | 
             |     ,','      |      |    | |                |                       chavatte.vercel.app  | 
             |   ,','    ____|_____/    /  |                |    ________________________________________|___
             | ,','  __/ |             /   |                |  /                                            /
_____________|','   ///_/-------------/   |                 \_/____________________________________________/ 
              |===========,'                                                                                
			  

🛡️ Sentinel Ops

Chavatte Security Operations Center
Advanced Threat Intelligence & Vulnerability Monitor for Node.js Ecosystems

Sentinel Ops is a continuous security audit and Threat Intelligence tool designed for Home Labs, CasaOS servers, and DevSecOps teams. It automatically monitors Git repositories, audits dependency trees, tracks technical debt, and alerts on security vulnerabilities (CVEs/GHSAs) via a responsive Cyberpunk HUD.


✨ Key Features

  • 🗄️ UI-Driven SQLite Database: Say goodbye to YAML files. Manage your repositories, toggle scans, and track historical data entirely through the Web UI (SYS_CONFIG).
  • 📊 Threat Analytics: Interactive data visualization (powered by ApexCharts) tracking Mean Time To Resolve (MTTR), Severity Distributions, and Top Offender applications.
  • 🕵️‍♂️ Universal Compatibility: Seamlessly detects and audits NPM, Yarn (Classic & Berry v4+), and PNPM environments.
  • 🌐 OSV-Scanner Integration: Performs deep complementary scans using Google's OSV.dev database, capturing threats that bypass native package manager audits.
  • 🎯 Dynamic Threat Intel: Vulnerability cards automatically generate clickable links to official mitigation reports (NIST NVD, GitHub Advisories, OSV).
  • 📄 Threat Report Export: Instantly generate tactical Markdown (.md) reports containing an Executive Summary and an Exploitation Map for Red/Blue teams.
  • ⚡ Ultra Fast (Sparse Checkout): Does not clone the entire repo. Only downloads manifest files (package.json, lockfiles) securely into isolated memory.
  • 🔑 Hybrid Support: Works natively with private repositories (via SSH) and public ones (via HTTPS).

🚀 Quick Install (Docker Compose)

1. Folder Structure

Create a project folder with the following structure:

/sentinel-ops
├── docker-compose.yml
└── ssh/                # (Optional) Your private SSH keys

2. Configuration (docker-compose.yml)

YAML

version: "3.8"
services:
  sentinel-ops:
    image: chavatte/sentinel-ops:latest
    container_name: sentinel-ops
    restart: unless-stopped
    ports:
      - "9393:8080"
    dns:
      - 8.8.8.8
      - 1.1.1.1
    environment:
      - SCAN_INTERVAL=21600 # Time in seconds (6 hours)
      - TZ=America/Sao_Paulo
    volumes:
      - ./ssh:/ssh:ro
      - sentinel_data:/data # SQLite database and states persist here

volumes:
  sentinel_data:

3. Running & Configuration

Bash

docker-compose up -d

  1. Access your SecOps Dashboard at: http://localhost:9393
  2. Click on the SYS_CONFIG button in the header.
  3. Add your repositories directly via the interface (Dynamic configuration).

🛡️ SecOps Transparency & Docker Image Security

As a security-centric tool, Sentinel Ops maintains strict transparency regarding its own container supply chain. If you scan our Docker image using tools like Docker Scout or Trivy, you may notice some flagged CVEs. These are mapped and classified as Accepted Third-Party Risks:

  • Google OSV-Scanner (golang vulnerabilities): We fetch the latest official compiled osv-scanner binary directly from Google's releases. Any Golang-related CVEs flagged within this binary are upstream dependencies managed by Google.
  • Alpine & NPM (tar, minimatch, etc.): Our foundation uses the hardened python:3.14-alpine and forces global NPM updates to minimize attack surfaces. However, some transitive dependencies tied to the OS package manager ecosystem might trigger low/moderate alerts.

Rest assured: Sentinel Ops runs strictly in isolated sub-processes. These upstream flags do not compromise your remote repositories or the integrity of your host server.


🔑 SSH Configuration (For Private Repos)

If you need to audit private repositories (GitHub, GitLab, Bitbucket):

  1. Copy your private key (e.g., id_rsa) to the ./ssh folder.
  2. In the Sentinel Ops Web UI (SYS_CONFIG), fill in the SSH Key field with the path /ssh/filename (e.g., /ssh/id_rsa).
  3. Security: Sentinel Ops copies your key to a secure temporary area and applies restricted permissions (chmod 600) automatically during execution.
  4. No manual known_hosts configuration is required.
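
A host-side preflight for the Quick Install layout and the ./ssh key folder described above, as an added example that is not part of Sentinel Ops. The function names are this example's own, and only the short `HOST:CONTAINER` port syntax is parsed.

```shell
#!/bin/sh
# Added example, not part of Sentinel Ops. Paths (./ssh, docker-compose.yml)
# follow the README; the function names are this example's own.

# List files in the key folder that group or others can read, write or execute.
loose_key_files() {
  find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
                       -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List short-syntax "ports:" entries with no host IP. By default Docker
# publishes those on every host interface, not only on localhost.
wide_open_ports() {
  tr -d "\"'" < "$1" | awk '
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-[ \t]/ {
      entry = $0
      sub(/^[ \t]*-[ \t]*/, "", entry)   # drop the list dash
      sub(/[ \t]*#.*$/, "", entry)       # drop a trailing comment
      gsub(/[ \t]/, "", entry)
      if (split(entry, parts, ":") < 3) print entry
      next
    }
    { in_ports = 0 }'
}

# Report both findings for a project folder; returns non-zero if any exist.
preflight() {
  keys=""; ports=""
  [ -d "$1/ssh" ] && keys=$(loose_key_files "$1/ssh")
  [ -f "$1/docker-compose.yml" ] && ports=$(wide_open_ports "$1/docker-compose.yml")
  [ -n "$keys" ] && printf 'key file open to group/others:\n%s\n' "$keys"
  [ -n "$ports" ] && printf 'port published on all interfaces:\n%s\n' "$ports"
  [ -z "$keys$ports" ]
}

# Run against the current folder when it holds the compose file.
if [ -f ./docker-compose.yml ]; then preflight . || true; fi
```

A mapping written as "127.0.0.1:9393:8080" passes the port check and still serves the dashboard at http://localhost:9393; `chmod 600` on the key file clears the key finding.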

🛠️ Development (Manual)

To run outside Docker or contribute:

Prerequisites: Python 3.11+, Git, Node.js, Yarn, NPM, and PNPM installed.

Bash

# 1. Clone this repository and enter it
git clone https://github.com/chavatte/sentinel-ops.git
cd sentinel-ops

# 2. Install Python dependencies
pip install -r requirements.txt

# 3. Run the backend server
python3 src/main.py

📝 License

This project is distributed under the MIT license. See the LICENSE file for details.


CHAVATTE SECURITY

Developed by @DevChavatte

About

🛡️ Universal Node.js Security & Dependency Auditor (NPM/Yarn/PNPM). Automated CVE detection, Supply Chain monitoring, and tactical Dashboard. 🐳 Docker Ready.
