Shift-left without breaking the release.
One Go binary in your pipeline. Deterministic exit codes. SBOM and secrets at build time. Cloud DAST after deploy. The same finding format on both sides, with stable fingerprinting and a public REST API your automation already speaks.
One binary, deterministic exit codes, your runner understands them.
Drop wasviking-sentinel ci in your pipeline. Choose strict-fail or warn per gate. Use baseline mode on legacy repos so the gate only fails on net new findings. Authenticate to your tenant with an ApiKey wv_live_* scoped to CI.
SCA gate
wasviking-sentinel ci --sca. Exit 70 KEV-listed, 71 non-KEV, 72 ok. CycloneDX 1.5 submitted to your tenant on the way through.
Secrets gate
wasviking-sentinel ci --secrets (optional --secrets-verify). Exit 73 verified-live, 74 unverified, 72 ok. Raw secrets never leave the agent.
Scan gate
wasviking-sentinel ci --template <slug> runs a cloud DAST scan with an org-scoped template. Secrets never reach the runner; the resolver runs server-side.
- name: WASViking · SCA + Secrets + DAST gate
  run: |
    wasviking-sentinel ci --sca --fail-on kev \
      --secrets --secrets-verify \
      --template prod-web-strict
  env:
    WASVIKING_API_KEY: ${{ secrets.WASVIKING_CI_KEY }}
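A wrapper that translates the SCA and secrets gate exit codes listed above into a per-gate pass or fail decision, as an added example rather than WASViking's own code. The function names and the `strict` / `warn` policy names are hypothetical, and it assumes each gate is run on its own so the exit code is unambiguous.

```shell
#!/bin/sh
# Added example, not WASViking's own code.
# Exit codes are the ones listed on this page: SCA 70/71/72, secrets 73/74/72.

# gate_decision GATE EXIT_CODE POLICY
# POLICY (hypothetical names): strict = any finding stops the pipeline,
#                              warn   = findings are reported but do not stop it.
# Returns 0 to let the pipeline continue, 1 to stop it.
gate_decision() {
  gate=$1 code=$2 policy=$3
  case "$gate:$code" in
    sca:72|secrets:72) echo "$gate: ok"; return 0 ;;
    sca:70)     finding="KEV-listed dependency" ;;
    sca:71)     finding="non-KEV vulnerable dependency" ;;
    secrets:73) finding="verified-live secret" ;;
    secrets:74) finding="unverified secret" ;;
    *)
      # Crash, missing binary (127), signal, or a code that belongs to the
      # other gate: fail closed regardless of policy.
      echo "$gate: unexpected exit code $code, failing closed" >&2
      return 1 ;;
  esac
  case "$policy" in
    strict) echo "$gate: $finding (blocking)" >&2; return 1 ;;
    warn)   echo "$gate: $finding (warning only)" >&2; return 0 ;;
    *)      echo "$gate: unknown policy '$policy', failing closed" >&2; return 1 ;;
  esac
}

# run_gate GATE POLICY [extra flags...]: run one gate and translate its exit code.
run_gate() {
  gate=$1 policy=$2; shift 2
  code=0
  wasviking-sentinel ci "--$gate" "$@" || code=$?
  gate_decision "$gate" "$code" "$policy"
}

# Usage in a CI step (needs WASVIKING_API_KEY in the environment):
#   run_gate sca strict && run_gate secrets warn --secrets-verify
```

Because the documented "ok" code is 72 rather than 0, the wrapper is what turns a clean run into a zero exit status for the runner, and anything outside the documented codes stops the build instead of being read as a pass.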
A tool your developers will not quietly bypass.
- Baseline mode so legacy repos do not fail on day one
- Stable finding fingerprint, so the same issue is the same row across runs
- Public REST API with scoped keys, every action is automatable
- Jira sync, two-way mapping, bulk push, polling, no per-finding ticket spam
- Webhook events on every status transition
- SLA breach digest scheduled per organization
- Concurrency cap per org, no runaway scans
- Monthly metering and cleanup cron
- Stress-tested orphan and stale scan sweep
- Heartbeat-based orphan sweep + 12h stale-scan ceiling
Where WASViking touches your stack.
Public REST
ApiKey wv_live_*, granular scopes, full automation surface.
Webhooks
finding.created, .reopened, .escalated, .sla_breached and more, signed.
Jira
Two-way field mapping, bulk push, polling. Findings reach the ops queue, not a second console.
Slack · Teams
Routed alerts on transitions, smart re-notify rules to keep the channel signal.
SAML 2.0 SSO
IdP federation, scoped RBAC, four default roles plus 25+ scopes.
SIEM via webhook
Push every transition into your SIEM with a signed event body.
Sentinel CI
SCA, secrets, template-driven scans, deterministic exit codes.
Posture Shares
Programmatic creation, revocation, reissue. posture.<DOMAIN>.