Sentinel Core Security Gate
Version updated for https://github.com/DataWizual-Labs/the-stand to version v2.1.0.
- This action is used across all versions by ? repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Sentinel Core Security Gate GitHub Action is a deterministic enforcement tool designed to block insecure code changes in CI/CD pipelines before they reach production. It automates security decisions by scanning code and configurations, producing a clear PASS or BLOCK outcome, and generating compliance-grade audit reports. This action eliminates ambiguity in security assessments, ensures enterprise-grade enforcement within local infrastructure, and prevents deployment of critical vulnerabilities.
Release notes
Overview
This release introduces Sentinel Core, a deterministic security enforcement gate designed to prevent insecure code and infrastructure changes from progressing through CI/CD workflows.
Sentinel Core provides a strict ALLOW / BLOCK execution model, producing actionable security evidence instead of noisy scanner output.
Key Capabilities
Deterministic Enforcement Gate Sentinel operates as a security barrier — producing a clear binary decision: ✅ ALLOW or ❌ BLOCK
Supply Chain Hardening Detects and blocks high-risk patterns such as mutable container tags (
:latest) and missing digest pinning.Offline-First Execution (Zero-Telemetry Mode) Runs fully inside your environment with no external data transfer or cloud dependency.
Structured Security Reporting Generates audit-style HTML/Markdown reports including:
- violation context
- remediation guidance
- enforcement outcome
Demo Usage (GitHub Stand)
This release includes a reference demonstration workflow via the the-stand repository:
- Push code or IaC files into the demo repository
- Sentinel automatically executes on every commit
- Results appear directly inside GitHub Actions
- Full reports are uploaded as downloadable artifacts
Example Policy Violations Sentinel Can Block
- Mutable container images (
node:latest) - Unsafe CI/CD supply chain configurations
- Infrastructure policy drift in Terraform/Kubernetes
- Embedded secrets or credential leakage patterns
Notes
This release demonstrates Sentinel Core’s enforcement logic in CI/CD. Production deployments support stronger local enforcement (commit-time gating) and administrator-controlled policy integrity.
Developed by DataWizual Labs — focused on deterministic security engineering.