Sentinel Core Security Gate

Version updated for https://github.com/DataWizual-Labs/the-stand to version v2.1.0.

  • This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Sentinel Core Security Gate GitHub Action is a deterministic enforcement tool designed to block insecure code changes in CI/CD pipelines before they reach production. It automates security decisions by scanning code and configurations, producing a clear PASS or BLOCK outcome, and generating compliance-grade audit reports. This action eliminates ambiguity in security assessments, ensures enterprise-grade enforcement within local infrastructure, and prevents deployment of critical vulnerabilities.

Release notes

Overview

This release introduces Sentinel Core, a deterministic security enforcement gate designed to prevent insecure code and infrastructure changes from progressing through CI/CD workflows.

Sentinel Core provides a strict ALLOW / BLOCK execution model, producing actionable security evidence instead of noisy scanner output.

Key Capabilities

  • Deterministic Enforcement Gate Sentinel operates as a security barrier — producing a clear binary decision: ✅ ALLOW or ❌ BLOCK

  • Supply Chain Hardening Detects and blocks high-risk patterns such as mutable container tags (:latest) and missing digest pinning.

  • Offline-First Execution (Zero-Telemetry Mode) Runs fully inside your environment with no external data transfer or cloud dependency.

  • Structured Security Reporting Generates audit-style HTML/Markdown reports including:

    • violation context
    • remediation guidance
    • enforcement outcome

Demo Usage (GitHub Stand)

This release includes a reference demonstration workflow via the the-stand repository:

  1. Push code or IaC files into the demo repository
  2. Sentinel automatically executes on every commit
  3. Results appear directly inside GitHub Actions
  4. Full reports are uploaded as downloadable artifacts

Example Policy Violations Sentinel Can Block

  • Mutable container images (node:latest)
  • Unsafe CI/CD supply chain configurations
  • Infrastructure policy drift in Terraform/Kubernetes
  • Embedded secrets or credential leakage patterns

Notes

This release demonstrates Sentinel Core’s enforcement logic in CI/CD. Production deployments support stronger local enforcement (commit-time gating) and administrator-controlled policy integrity.

Developed by DataWizual Labs — focused on deterministic security engineering.