{"id":14384471,"url":"https://github.com/nintexplatform/sentinel","last_synced_at":"2025-08-04T07:10:30.460Z","repository":{"id":25166785,"uuid":"103344923","full_name":"nintexplatform/sentinel","owner":"nintexplatform","description":"Automated security testing framework for web applications","archived":false,"fork":false,"pushed_at":"2023-06-28T03:46:20.000Z","size":470,"stargazers_count":21,"open_issues_count":12,"forks_count":6,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-07-07T04:09:15.275Z","etag":null,"topics":["automated-testing","automation","cucumber","docker","selenium","sentinel","sslyze","zap"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nintexplatform.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-09-13T02:44:35.000Z","updated_at":"2024-02-24T07:39:22.000Z","dependencies_parsed_at":"2024-01-14T20:16:30.973Z","dependency_job_id":"de157c7c-1e11-44ac-b12c-6f14582aaf31","html_url":"https://github.com/nintexplatform/sentinel","commit_stats":{"total_commits":114,"total_committers":9,"mean_commits":"12.666666666666666","dds":0.631578947368421,"last_synced_commit":"392a789cbf881606b51a7a72d7cd969437f26c1e"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/nintexplatform/sentinel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nintexplatform%2Fsentinel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nintexplatform%2Fsentinel/tags","releases_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/nintexplatform%2Fsentinel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nintexplatform%2Fsentinel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nintexplatform","download_url":"https://codeload.github.com/nintexplatform/sentinel/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nintexplatform%2Fsentinel/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268660145,"owners_count":24286028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-04T02:00:09.867Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automated-testing","automation","cucumber","docker","selenium","sentinel","sslyze","zap"],"created_at":"2024-08-28T18:01:24.782Z","updated_at":"2025-08-04T07:10:30.414Z","avatar_url":"https://github.com/nintexplatform.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"\n[![npm](https://img.shields.io/npm/v/sentinel-ast.svg)](https://www.npmjs.com/package/sentinel-ast) \n[![License](https://img.shields.io/npm/l/sentinel-ast.svg)](https://github.com/nintexplatform/sentinel/blob/master/LICENSE)\n[![Build Status](https://travis-ci.org/nintexplatform/sentinel.svg?branch=master)](https://travis-ci.org/nintexplatform/sentinel)\n\n# 
Sentinel\n\nSentinel is a framework that enables _automated security testing_ via a suite of industry-standard test frameworks and security tools. \n\nIt is built on Cucumber and Node.js. This allows security test cases to be defined in Gherkin/BDD syntax, making them human-readable and self-documenting. The idea is that we make security testing a concept that is approachable (tests written by developers, testers, security guys), repeatable (when integrated with your CI/CD pipelines) and auditable (when used to gather evidence in compliance initiatives).\n\nSentinel was inspired by existing security frameworks (Gauntlt, Mittn, BDD-Security), but we felt the need to provide our own flavour of security testing with a modern JavaScript- and Docker-based environment. \n\n# Features\nSentinel is currently integrated with:\n- Automated security scanners - [OWASP ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project), [SSLyze](https://github.com/nabla-c0d3/sslyze) and [Snyk](https://snyk.io) to find security vulnerabilities in your web applications.\n- Selenium/WebDriver and Node.js for implementing browser- and API-based automated tests.\n- Docker/Compose, which enables drop-in isolation of integrated components at runtime. It also enables what we call the Bring-Your-Own-Container(s) feature, which gives consumers of Sentinel the capability to attach their web applications/services as containers onto Sentinel's networking infrastructure.\n- Reporting tools. \n\nIt has been designed from the ground up to be completely [extensible](#extensibility).\n\n# Quickstart\n\nWe want to get you off the ground and started as quickly as possible in just a few steps. 
Running the commands below in your shell will install Node.js, Docker and Sentinel, and run security tests against a local containerized website.\n\n```bash\nsh -c \"$(curl -fsSL https://raw.githubusercontent.com/nintexplatform/sentinel/master/bin/install-dependencies.sh)\"\ngit clone https://github.com/nintexplatform/sentinel-example.git \u0026\u0026 cd sentinel-example\nnpm install \nnpm run test\n```\n\nOn Linux, run the install-dependencies script under `sudo` for root privileges.\n\nOnce the tests have completed, you can find a generated report under the `sentinel-example/report` directory.\n\nWe've introduced an example use case of Sentinel in the [`sentinel-example`](https://github.com/nintexplatform/sentinel-example) repo.\n\n# Getting Started\nTo install the framework:\n1. [Install prerequisites](#install-prerequisites)\n2. [Install Sentinel](#install-sentinel-via-npm) via npm\n\n## Install Prerequisites\nThese prerequisites must be installed first. \n1. [Node.js](https://nodejs.org/en/download/) Version 7+\n2. [Docker](https://docs.docker.com/engine/installation/)\n3. 
[Docker Compose](https://docs.docker.com/compose/install/#install-compose) \n\n Alternatively, for Docker + Compose, you can also install Docker for [Mac](https://www.docker.com/docker-mac) or [Windows](https://www.docker.com/docker-windows), which is a fast and easy way to get Docker + Compose.\n\n-or- \n\nUse our quick-install script:\n```bash\nsh -c \"$(curl -fsSL https://raw.githubusercontent.com/nintexplatform/sentinel/master/bin/install-dependencies.sh)\"\n```\n\n## Install Sentinel via npm\n\n```bash\nnpm install -g sentinel-ast\n```\n\nFrom this point, see the [For Developers](#for-developers) section below on how to use Sentinel.\n\n# For Developers\n\n## Sentinel CLI \n\nGetting Sentinel to run is simple and done primarily through a global (if installed via npm with `-g`) CLI.\n\n```bash\nsentinel\n\n  Usage: sentinel [options] [command]\n\n\n  Options:\n\n    -V, --version  output the version number\n    -h, --help     output usage information\n\n\n  Commands:\n\n    init                             Initializes configuration \u0026 test templates in the current directory\n    run-compose [COMMAND] [ARGS...]  Runs docker compose commands\n    run-cucumber [options] [DIR]     Runs cucumber tests\n    start-services [options]         Starts services in its containers\n    stop-services [options]          Stops services and its containers\n```\n\n```\nsentinel init\n```\n- From an empty directory, you should always run this command first. It initializes the current directory with a default config.env, feature templates and config JSON files.\n- The default parameters in config.env are [explained below](#environment-variables). They should be configured prior to starting up the services. \n\n```\nsentinel start-services\n```\n- This command starts all integrated services as containers.\n\n```\nsentinel stop-services\n```\n- This command stops all containers hosting integrated services. 
\n\n```\nsentinel run-compose\n```\n- This command proxies the CLI arguments to Docker Compose. \n\n```\nsentinel run-cucumber\n```\n- This command proxies the CLI arguments to Cucumber-js. \n\n\n## Integrations \nThe framework ships with a few integrated components out of the box. If they are hosted within containers, we refer to them as **services**.\n\n### Cucumber Report\nAdds cucumber hooks to create a report at the end of a test run.  \nIntegrates the [Cucumber Html Reporter](https://www.npmjs.com/package/cucumber-html-reporter)\n\n### Slack\nAdds hooks to post results at the end of a test run to Slack.\n\n### Node\nThis is a general-purpose Node.js container that tests are run in.  \nIt reads environment variables from config.env.  \nNode version 7+.\n\n### Selenium WebDriver\nThe node [Selenium WebDriver](https://www.npmjs.com/package/selenium-webdriver) package.  \nIt has cucumber hooks to configure the webdriver and adds the driver instance to the world.  \nIt also has a docker service for running a chrome container for remote control of the browser.\n\n### SSLyze\nA service which can be used for running an SSLyze scan against a host.  \n[GitHub](https://github.com/iSECPartners/sslyze)\n\n### Zap\nA service which hosts OWASP ZAP.  \n[GitHub](https://github.com/zaproxy/zaproxy/)\n\n### Snyk\nA service which can be used for scanning a project's packages and dependencies.  \n[snyk.io](https://snyk.io)\n\n## Enabling integrations\nEnabling integrations and loading up additional **services** is managed via a config file. 
It needs to be created in the root folder of the project that references Sentinel, as `.sentinel.json`.\n\nSample `.sentinel.json`:\n```\n{\n  \"integrations\": {\n    \"whitelist\": [\n      \"node\",\n      \"docker\",\n      \"cucumber-report\",\n      \"selenium\",\n      \"sslyze\",\n      \"zap\"\n    ],\n    \"customServices\": [\n        \"./nodegoat-app/docker-compose.yml\"\n    ]\n  }\n}\n```\n\n## Extensibility\nExtending the framework starts with packaging your new **component** as a sub-directory within the `/integration` directory. These components can hook into the Sentinel runtime in a number of ways.\n\n* Cucumber support files  \n Any files found in a component's `cucumber` folder get required when starting tests.  \n This can be used to add step definitions, modify the world, add hooks etc.  \n (Refer to `/integration/selenium`)\n* Docker container/service  \n Required binaries, CLI tools, etc. can be exposed as a web service by adding a compose-*.yml file in the integrations folder.  \n This lets you define containers that can host the CLI and allows test code to use REST calls to access it by service name.  \n (Refer to `/integration/sslyze`)\n* JavaScript module  \n You can create reusable Page Objects or interfaces needed to communicate with **services** by including the classes and exporting them from the `index.js` in the framework's root directory. By doing so, consumers of the Sentinel framework can have access to these objects at runtime.  
\n (Refer to `/integration/zap`)\n\n## Environment Variables\n\n| Integration         | Name                        | Description                    | Required | Default / Optional Values |\n|---------------------|-----------------------------|--------------------------------|----------|-------------|\n| sslyze              | SSLYZE_SERVER_URL           | Url to sslyze api server       | false    | http://sslyze:8081/ |\n| zap                 | ZAP_SERVER_URL              | Url to zap api server          | false    | http://zap:8080/    |\n| zap                 | ZAP_MAX_DEPTH               | zap crawling max depth         | false    | 5           |\n| zap                 | ZAP_THREAD_DEPTH            | zap thread number              | false    | 5           | \n| snyk                | SNYK_TOKEN                  | [Auth token](https://snyk.io/docs/using-snyk#authentication) for snyk| false    |                     |\n| snyk                | SNYK_URL                    | Url to snyk api server         | false    | http://snyk:8086/   |\n| application         | AUT_SERVER_URL              | Url to application under test  | true     | https://nodegoat:4000 |\n| selenium            | SELENIUM_BROWSER            | Webdriver capabilities         | false    | chrome      |\n| selenium            | SELENIUM_REMOTE_URL         | Webdriver url                  | true     | http://selenium:4444/wd/hub |\n| selenium            | SELENIUM_REMOTE_CAPABILITY  | For remote selenium services   | false    |  ./remoteSelenium.config.template.json |\n| selenium            | WEBDRIVER_PAGE_TIMEOUT      | Webdriver page load timeout    | false    |  45000      |\n| selenium            | WEBDRIVER_LONG_TIMEOUT      | Timeout for long running step  | false    |  30000      |\n| selenium            | EXECUTION_ENVIRONMENT       | For zap proxy                  | false    |  local (default) / proxy / remote |\n| cucumber            | FEATURE_DIR                 | Feature file location      
    | false    | ./features/  |\n| cucumber            | CUCUMBER_LONG_TIMEOUT       | timeout for cucumber steps     | false    | 30000        |\n| cucumber-report     | CUCUMBER_REPORT_DIR         | path to store reports          | false    | ./report/    |\n| slack               | SLACK_FEATURE               | *ON* or *OFF* the process      | false    | 'ON' / 'OFF' (default) |    \n| slack               | SLACK_WEBHOOK_URI           | Specify the Incoming webhooks url - [Reference](https://api.slack.com/incoming-webhooks)   |   false |  - |       \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnintexplatform%2Fsentinel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnintexplatform%2Fsentinel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnintexplatform%2Fsentinel/lists"}