{"id":49274043,"url":"https://github.com/chavatte/sentinel-ops","last_synced_at":"2026-04-28T13:04:05.186Z","repository":{"id":345523710,"uuid":"1153896468","full_name":"chavatte/sentinel-ops","owner":"chavatte","description":"πŸ›‘οΈ Universal Node.js Security \u0026 Dependency Auditor (NPM/Yarn/PNPM). Automated CVE detection, Supply Chain monitoring, and tactical Dashboard. 🐳 Docker Ready.","archived":false,"fork":false,"pushed_at":"2026-04-06T13:04:06.000Z","size":7099,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-06T14:25:39.895Z","etag":null,"topics":["audit","cve","dashboard","devsecops","docker","nodejs","npm","pnpm","python","secops","security","self-hosted","supply-chain-security","vulnerability-scanner","yarn"],"latest_commit_sha":null,"homepage":"https://chavatte.online/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chavatte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-09T19:47:33.000Z","updated_at":"2026-04-06T13:04:09.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/chavatte/sentinel-ops","commit_stats":null,"previous_names":["chavatte/sentinel-ops"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/chavatte/sentinel-ops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chavatte%2Fsentinel-ops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chavatte%2Fsentinel-ops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chavatte%2Fsentinel-ops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chavatte%2Fsentinel-ops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chavatte","download_url":"https://codeload.github.com/chavatte/sentinel-ops/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chavatte%2Fsentinel-ops/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32266030,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-25T09:15:33.318Z","status":"ssl_error","status_checked_at":"2026-04-25T09:15:31.997Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","cve","dashboard","devsecops","docker","nodejs","npm","pnpm","python","secops","security","self-hosted","supply-chain-security","vulnerability-scanner","yarn"],"created_at":"2026-04-25T15:05:23.814Z","updated_at":"2026-04-25T15:05:34.539Z","avatar_url":"https://github.com/chavatte.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cpre style=\"font-size: 0.5rem;\"\u003e\n\n \\\\\\\\\\\\\n \\\\\\\\\\\\\\\\\\\\\\\\\n \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\n-------------,-| |C\u003e // )\\\\\\\\| .o88b. db db .d8b. db db .d8b. d888888b d888888b d88888b\n ,','| / || ,'/////| d8P Y8 88 88 d8' '8b 88 88 d8' '8b '~~88~~' '~~88~~' 88' \n---------,',' | (, || ///// 8P 88ooo88 88ooo88 Y8 8P 88ooo88 88 88 88ooooo \n || | \\\\ ||||//''''| 8b 88~~~88 88~~~88 '8b d8' 88~~~88 88 88 88~~~~~ \n || | ||||||| _| Y8b d8 88 88 88 88 '8bd8' 88 88 88 88 88. \n || |______ ''''\\____/ \\ 'Y88P' YP YP YP YP YP YP YP YP YP Y88888P\n || | ,| _/_____/ \\\n || ,' ,' | / | ___________________________________________\n ||,' ,' | | \\ | / \\ \\ \n_________|/ ,' | / | | | | | \n_____________,' ,',_____| | | | \\ | chavatte@duck.com | \n | ,',' | | | | | chavatte.vercel.app | \n | ,',' ____|_____/ / | | ________________________________________|___\n | ,',' __/ | / | | / /\n_____________|',' ///_/-------------/ | \\_/____________________________________________/ \n |===========,' \n\t\t\t \n\n\u003c/pre\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"./assets/logo.png\" alt=\"Sentinel Ops\" style=\"margin: 10px;\"\u003e\n\n# πŸ›‘οΈ Sentinel Ops\n\n\u003c/div\u003e\n\n\u003e **Chavatte Security Operations Center** \u003e Universal Vulnerability \u0026 Dependency Monitor for Node.js Projects\n\n[![Portuguese Version](https://img.shields.io/badge/Leia_em-PortuguΓͺs-green?style=for-the-badge)](README.pt-br.md)\n\n![Version](https://img.shields.io/badge/version-1.1.4-00ff41?style=for-the-badge\u0026logo=security)\n![Docker](https://img.shields.io/badge/Docker-Ready-blue?style=for-the-badge\u0026logo=docker)\n![License](https://img.shields.io/badge/License-MIT-orange?style=for-the-badge)\n\n**Sentinel Ops** is a continuous security audit tool designed for Home Labs, CasaOS servers, and DevOps/SecOps teams. It automatically monitors your Git repositories, checks for outdated dependencies, and alerts on security vulnerabilities (CVEs/GHSAs) via a responsive Cyberpunk interface.\n\n---\n\n## ✨ Features\n\n* **πŸ•΅οΈβ€β™‚οΈ Universal:** Automatically detects and audits **NPM**, **Yarn (Classic \u0026 Berry v4+)**, and **PNPM** projects.\n* **πŸ“‘ OSV-Scanner Integration:** Powered by Google's OSV database to detect cross-ecosystem vulnerabilities missed by native audits.\n* **🎯 Threat Intel:** Built-in intelligent links direct you to the exact advisory (NIST NVD, GitHub Advisories, OSV) for quick mitigation.\n* **⚑ Ultra Fast (Sparse Checkout):** Does not clone the entire repo. Only downloads manifest files (`package.json`, `lockfiles`), saving bandwidth and storage.\n* **πŸ”’ Secure:** Runs in an isolated container with no write access to the remote repository.\n* **πŸ–₯️ Visual Dashboard:** Responsive Web UI with Dark Mode, real-time updates, Source Badges, and risk details.\n* **🐳 Docker Native:** Ready for Docker Compose, CasaOS, or Portainer.\n* **πŸ”‘ Hybrid Support:** Works with private repositories (via SSH) and public ones (via HTTPS).\n\n---\n\n## πŸš€ Quick Install (Docker Compose)\n\n### 1. Folder Structure\n\nCreate a project folder with the following structure:\n\n```text\n/sentinel-ops\nβ”œβ”€β”€ docker-compose.yml\nβ”œβ”€β”€ ssh/ # (Optional) Your private SSH keys\n└── config/\n └── repos.yml # Repository list\n```\n\n\n### 2. Configuration (`docker-compose.yml`)\n\n**YAML**\n\n```\nversion: \"3.8\"\nservices:\n sentinel-ops:\n image: chavatte/sentinel-ops:latest\n container_name: sentinel-ops\n restart: unless-stopped\n ports:\n - \"8080:8080\"\n dns:\n - 8.8.8.8\n - 1.1.1.1\n environment:\n - SCAN_INTERVAL=21600 # Time in seconds (6 hours)\n - TZ=America/Sao_Paulo\n volumes:\n - ./config/repos.yml:/config/repos.yml:ro\n - ./ssh:/ssh:ro\n - sentinel_data:/data\n\nvolumes:\n sentinel_data:\n```\n\n### 3. Defining Repositories (`config/repos.yml`)\n\nCreate `config/repos.yml`. You can mix private and public repos.\n\n**YAML**\n\n```\nrepos:\n # πŸ” Private Repo (Requires key in ./ssh folder)\n - id: my-saas\n name: \"My Private SaaS\"\n git: git@github.com:user/secret-project.git\n ssh_key: /ssh/id_rsa\n\n # 🌍 Public Repo (No key needed)\n - id: react-core\n name: \"React (Open Source)\"\n git: [https://github.com/facebook/react.git](https://github.com/facebook/react.git)\n```\n\n### 4. Running\n\n**Bash**\n\n```\ndocker compose up -d\n```\n\nAccess dashboard at: `http://localhost:8080`\n\n---\n\n## πŸ”‘ SSH Configuration (For Private Repos)\n\nIf you need to audit private repositories (GitHub, GitLab, Bitbucket):\n\n1. Copy your private key (e.g., `id_rsa`) to the `./ssh` folder you created.\n2. In `repos.yml`, the `ssh_key` field must point to `/ssh/filename`.\n3. **Security:** Sentinel Ops copies your key to a secure temporary area and applies restricted permissions (`chmod 600`) automatically during execution.\n\n\u003e **Note:** No `known_hosts` configuration required. The system automatically accepts server fingerprints for easier container usage.\n\n---\n\n## πŸ› οΈ Development (Manual)\n\nTo run outside Docker or contribute:\n\n**Prerequisites:** Python 3.11+, Git, Node.js, Corepack (Yarn/PNPM), and OSV-Scanner installed.\n\n1. Clone this repository.\n2. Install Python dependencies:\n **Bash**\n\n ```\n pip install -r requirements.txt\n ```\n3. Set env vars and run:\n **Bash**\n\n ```\n export CONFIG_FILE=\"./config/repos.yml\"\n python3 src/main.py\n ```\n\n---\n\n## πŸ“ License\n\nThis project is distributed under the **MIT** license.\nSee the `LICENSE` file for details.\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n\u003cb\u003eCHAVATTE SECURITY\u003c/b\u003e\n\nDeveloped by \u003ca href=\"https://github.com/chavatte\"\u003eDevChavatte\u003c/a\u003e\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchavatte%2Fsentinel-ops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchavatte%2Fsentinel-ops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchavatte%2Fsentinel-ops/lists"}