
Helixar-AI/sentinel


πŸ›‘οΈ Sentinel MCP Scanner

Security scanner for Model Context Protocol servers


Sentinel scans MCP server configurations, live endpoints, and Docker containers for security misconfigurations — surfacing findings with severity ratings, remediation guidance, and CI/CD integration.

Sentinel detects misconfigurations. For 360° enterprise runtime protection, see Helixar.


Features

  • πŸ” Config scanner β€” static analysis of MCP server config files (10 checks)
  • 🌐 Probe scanner β€” live endpoint security analysis (8 checks)
  • 🐳 Container scanner β€” Docker container/image inspection (8 checks)
  • πŸ“‹ 26 detection rules across all modules
  • 🎨 4 output formats β€” terminal (Rich), HTML, JSON, SARIF 2.1
  • βš™οΈ GitHub Action β€” drop-in CI integration with SARIF upload support
  • 🚦 Fail-on threshold β€” block PRs on HIGH/CRITICAL findings

Installation

pip install helixar-sentinel

Or from source:

git clone https://github.com/Helixar-AI/sentinel
cd sentinel
pip install -e ".[dev]"

Quick Start

# Scan a config file
sentinel config mcp.json

# Probe a live endpoint
sentinel probe https://your-mcp-server.example.com

# Inspect a Docker container
sentinel container my-mcp-image:latest

# Run all scanners in one pass
sentinel scan --config mcp.json --endpoint https://mcp.example.com --container my-image:latest

# Output as SARIF for GitHub Code Scanning
sentinel config mcp.json --format sarif --output sentinel.sarif.json

GitHub Actions

- uses: Helixar-AI/sentinel@v1
  with:
    config: ./mcp.json
    endpoint: ${{ secrets.MCP_ENDPOINT }}
    container: my-mcp-image:latest
    fail-on: high
    format: sarif
    output: sentinel.sarif.json

- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: sentinel.sarif.json

Inputs

| Input | Required | Default | Description |
|---|---|---|---|
| config | No | — | Path to MCP server config file |
| endpoint | No | — | Live MCP endpoint URL to probe |
| container | No | — | Docker container name or image |
| fail-on | No | high | Minimum severity to fail the build |
| format | No | sarif | Output format (terminal/json/sarif/html) |
| output | No | sentinel.sarif.json | Report output path |

Output Formats

| Format | Flag | Use case |
|---|---|---|
| Terminal | --format terminal (default) | Local development |
| JSON | --format json | Custom tooling |
| SARIF | --format sarif | GitHub Code Scanning |
| HTML | --format html | Stakeholder reports |

Detection Rules

Config module — 10 rules

| ID | Severity | Check |
|---|---|---|
| CFG-001 | 🔴 CRITICAL | No authentication configured |
| CFG-002 | 🔴 CRITICAL | Plaintext secrets in config |
| CFG-003 | 🟠 HIGH | Wildcard tool permissions |
| CFG-004 | 🟠 HIGH | No rate limiting |
| CFG-005 | 🟡 MEDIUM | Debug mode enabled |
| CFG-006 | 🟠 HIGH | No TLS configuration |
| CFG-007 | 🟠 HIGH | Wildcard CORS origin |
| CFG-008 | 🟡 MEDIUM | No input validation |
| CFG-009 | 🟡 MEDIUM | Sensitive data logging |
| CFG-010 | 🔵 LOW | No request timeout |

Probe module — 8 rules

| ID | Severity | Check |
|---|---|---|
| PRB-001 | 🔴 CRITICAL | TLS certificate invalid/expired |
| PRB-002 | 🟠 HIGH | Weak TLS version (< TLS 1.2) |
| PRB-003 | 🔴 CRITICAL | No authentication required |
| PRB-004 | 🟡 MEDIUM | Server version disclosed in headers |
| PRB-005 | 🟡 MEDIUM | Missing security headers |
| PRB-006 | 🟠 HIGH | Tool listing publicly exposed |
| PRB-007 | 🔵 LOW | Verbose error messages |
| PRB-008 | 🟠 HIGH | No rate limiting detected |

Container module — 8 rules

| ID | Severity | Check |
|---|---|---|
| CTR-001 | 🟠 HIGH | Container running as root |
| CTR-002 | 🔴 CRITICAL | Privileged container mode |
| CTR-003 | 🟡 MEDIUM | No CPU/memory resource limits |
| CTR-004 | 🟠 HIGH | Sensitive env vars exposed |
| CTR-005 | 🟡 MEDIUM | Writable root filesystem |
| CTR-006 | 🔵 LOW | No health check configured |
| CTR-007 | 🟡 MEDIUM | Outdated base image |
| CTR-008 | 🟠 HIGH | Dangerous ports exposed |

Fail-on Threshold

sentinel config mcp.json --fail-on critical   # exit 1 on CRITICAL only
sentinel config mcp.json --fail-on high        # exit 1 on HIGH+ (default)
sentinel config mcp.json --fail-on medium      # exit 1 on MEDIUM+
sentinel config mcp.json --fail-on low         # exit 1 on any finding

Adding a New Rule

Rules are data, not code — adding one takes three steps:

1. Add to sentinel/rules/rules.yaml
2. Add a _check_<key> method in the relevant module scanner
3. Add tests

See CONTRIBUTING.md for the full workflow.
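
An added example, not Sentinel's own code, showing how rule records can dispatch to `_check_<key>` methods and how a `--fail-on` threshold turns findings into an exit code. The rule-record fields, the config keys (`auth`, `debug`, `tools.allowed`, `cors.origins`) and the `exit_code` helper are assumptions; the rule IDs and severities come from the tables above.

```python
# Added illustration, not Sentinel's source. Rule IDs and severities are from the
# tables above; the rule-record layout and the config field names are assumed.
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Rules as data: in the project this lives in sentinel/rules/rules.yaml.
RULES = [
    {"id": "CFG-001", "key": "no_auth", "severity": "critical",
     "title": "No authentication configured"},
    {"id": "CFG-003", "key": "wildcard_tools", "severity": "high",
     "title": "Wildcard tool permissions"},
    {"id": "CFG-005", "key": "debug_mode", "severity": "medium",
     "title": "Debug mode enabled"},
    {"id": "CFG-007", "key": "wildcard_cors", "severity": "high",
     "title": "Wildcard CORS origin"},
]


class ConfigScanner:
    """Dispatches each rule to a _check_<key> method; True means the rule fired."""

    def scan(self, config):
        findings = []
        for rule in RULES:
            check = getattr(self, f"_check_{rule['key']}", None)
            if check is None:  # rule added to the data without a matching check
                raise NotImplementedError(f"{rule['id']}: no _check_{rule['key']}")
            if check(config):
                findings.append(rule)
        return findings

    def _check_no_auth(self, config):
        return not config.get("auth")

    def _check_wildcard_tools(self, config):
        return "*" in config.get("tools", {}).get("allowed", [])

    def _check_debug_mode(self, config):
        return config.get("debug") is True

    def _check_wildcard_cors(self, config):
        return "*" in config.get("cors", {}).get("origins", [])


def exit_code(findings, fail_on="high"):
    """Return 1 if any finding is at or above the fail_on severity, else 0."""
    threshold = SEVERITY_ORDER.index(fail_on)
    return int(any(SEVERITY_ORDER.index(f["severity"]) >= threshold for f in findings))


# Constructed sample config: auth present, but debug on and CORS wide open.
SAMPLE = {"auth": {"type": "bearer"}, "debug": True,
          "tools": {"allowed": ["search"]}, "cors": {"origins": ["*"]}}
```

With `SAMPLE`, the MEDIUM debug finding alone would pass a `high` gate; it is the HIGH wildcard-CORS finding that fails the build, and neither trips `--fail-on critical`.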


Running Tests

python -m pytest tests/unit/ -v
python -m pytest tests/ --cov=sentinel --cov-report=html

Roadmap

  • sentinel watch — continuous monitoring mode
  • Kubernetes manifest scanning
  • JWT algorithm confusion + replay attack probe checks
  • --diff flag for regression detection across runs
  • Additional output: JUnit XML for legacy CI systems

License

MIT — see LICENSE


Built by Helixar Security Research • Runtime protection: helixar.ai

⭐ Star this repo if sentinel is useful to you — it helps others find it.