SentraScan
AI & Agentic Supply Chain Security Scanner
A unified, self-hosted security scanning system purpose-built to detect, classify, and operationalize risks across modern AI, agentic, and software supply chains. Provides consistent, policy-driven scanning for MCP server configurations, ML model artifacts, RAG application code, agent skills, and full agentic systems.

Unified Scanning Coverage
Single platform to scan MCP configurations, ML model artifacts, RAG applications, agent skills, and full agentic systems using a shared policy engine and reporting format
SentraScan-MCP
MCP Configuration Security
- MCP configuration discovery
- Static security validation
- Tool poisoning detection
- Baseline drift monitoring
- Command injection patterns
- Secrets detection
SentraScan-Model
ML Model Artifact Scanning
- Pickle, PyTorch, TensorFlow, ONNX, GGUF
- SafeTensors validation
- Deserialization attack detection
- Unsafe code execution primitives
- Suspicious imports detection
- Integrity checks
SentraScan-RAG
RAG Application Security
- LangChain, LlamaIndex, Haystack support
- Prompt injection exposure
- Tenant isolation failures
- Unsafe agent tool invocations
- Insecure framework defaults
- Configuration misconfigurations
SentraScan-Skill
Agent Skill Scanning
- Skill manifest discovery and validation
- Permission and capability auditing
- Unsafe tool/function exposure detection
- Skill prompt injection vectors
- Cross-skill privilege escalation paths
- Skill provenance and signature checks
SentraScan-Agentic
Agentic System Scanning
- Multi-agent orchestration topology mapping
- Autonomous action and tool-use risk analysis
- Goal hijack and policy bypass detection
- Memory, planner, and loop safety checks
- MCP tool chain abuse paths
- Aligned with CoSAI MCP Security guidance
Key Capabilities
Policy-Based Gating
YAML-based policy engine for severity thresholds, issue blocking rules, allowlists, and module-level enablement. Pass or fail outcomes for CI gates.
Baseline Management
Creates approved snapshots of MCP configurations, model artifacts, agent skills, and agentic system topologies. Detects unauthorized changes using hash-based integrity verification.
SBOM & AI-BOM Generation
Automatic CycloneDX SBOMs for model artifacts plus AI-BOM-style component inventories for agent skills, MCP tool chains, and agentic runtimes — capturing metadata, hashes, and provenance.
Agentic Topology Mapping
Maps multi-agent orchestration, planner loops, memory stores, and MCP tool chains into reviewable graphs so security teams can reason about autonomous-action risk.
Zero Egress Execution
Runs entirely within customer-controlled environments with no external API dependencies. Supports air-gapped and restricted networks.
Automation-Ready
Unified CLI for local developer scanning and CI usage. REST API for programmatic scan execution and results retrieval.
Multi-Tenant RBAC
Enterprise-grade Role-Based Access Control with granular permissions and strict logical isolation across organizations.
Customization & Integration
Filter intelligence by technology stack, scanner, risk, module. API and webhook delivery to SIEM, SOAR, and ticketing platforms.
Audit-Ready Evidence
Scan metadata, policy versions, approvals, and exportable reports for security and compliance stakeholders.
Drift Detection
Detects rug pull style modifications of tools, permissions, or model content. Clear drift reports for change control workflows.
Example Outputs
Comprehensive security reports for engineering and compliance teams
MCP Security Report
- Tool poisoning detection
- Command injection patterns
- Secrets detection
- Drift status against baselines
Model Artifact Report
- Format-specific deserialization risks
- Unsafe primitives
- Suspicious imports
- Integrity checks
RAG Security Report
- Prompt injection exposure
- Tenant isolation findings
- Unsafe agent tool usage
- Configuration issues
Agent Skill Report
- Skill manifest and permission audit
- Unsafe tool/function exposure
- Skill prompt injection vectors
- Provenance and signature checks
Agentic System Report
- Multi-agent topology graph
- Goal hijack and bypass paths
- Planner, memory, and loop safety
- MCP tool chain abuse paths
CycloneDX SBOM & AI-BOM
- Model metadata and hashes
- Skill and tool inventory
- Agent component provenance
- Governance workflows
CI Gate Summary
- Pass or fail decision
- Prioritized findings list
- Rapid remediation guidance
- Policy compliance status
Deployment Models
Docker-First
Fast evaluation and production rollout in customer environments with containerized deployment.
PostgreSQL-Backed
Optional enterprise scale deployment for multi-tenant use cases with persistent storage.
Kubernetes
Standard enterprise platform operations with high availability and scaling support.
Ideal Users
Enterprise AI & Agentic Teams
Deploying AI agents, agent skills, MCP servers, RAG applications, and multi-agent systems that require pre-production security validation.
Security & Risk
Unified, offline-first scanning across AI, agentic, and software supply chains with consistent reports for governance.
ML & Platform Engineering
Fast feedback, clear remediation guidance, and SBOM/AI-BOM evidence for model, skill, and agent promotion.
Regulated Industries
BFSI, telecom, defense, healthcare, and public sector that need audit-ready controls for autonomous AI.
