๐Ÿ›ก๏ธ SentinelFlow โ€” Autonomous Security Operations Center for GitLab

SentinelFlow is a multi-agent security platform that runs inside your GitLab projects. When a developer opens or updates a merge request, SentinelFlow automatically:

  1. Classifies the event — determines whether the change is worth scanning (not noise such as docs or test files)
  2. Scans for vulnerabilities — runs nuclei, ffuf, and subfinder in parallel against code diffs, URLs, and domains
  3. Assigns CVE records — scores severity with CVSS v3.1, infers the CWE category, and deduplicates findings
  4. Applies fixes — generates parameterized-query fixes or creates a dedicated GitLab branch with a patch
  5. Notifies — posts a formatted security report directly on the MR (and also to Slack, Discord, and email)
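Step 4 mentions parameterized-query fixes. As an added illustration (this is not SentinelFlow's code and not its fix template), the snippet below shows the weak pattern such a fix targets beside the corrected form, with an in-memory SQLite table so the difference can be checked locally. The table, rows and function names are constructed for this example.

```python
"""Added example: a string-built query (CWE-89) beside its parameterized fix.
Constructed for illustration; the users table, rows and function names are not
from the project."""
import sqlite3
from typing import List, Tuple


def _demo_db() -> sqlite3.Connection:
    """Constructed in-memory table so the two query styles can be compared offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "dev"), ("carol", "dev")],
    )
    return conn


def find_user_before(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # BEFORE: the caller's input is spliced into the SQL text, so quote characters
    # in the input become part of the query's structure.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_after(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # AFTER: a placeholder plus a bound parameter. The driver sends the value
    # separately from the statement, so the input is only ever compared as data.
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def row_counts(name: str) -> Tuple[int, int]:
    """Rows returned by the weak and the fixed query for the same input.
    A regression check for the fix: both agree on ordinary names, and only the
    fixed version keeps returning zero rows for a quote-bearing input."""
    conn = _demo_db()
    return len(find_user_before(conn, name)), len(find_user_after(conn, name))


if __name__ == "__main__":
    print("bob        ->", row_counts("bob"))
    print("quoted input ->", row_counts("' OR '1'='1"))
```

A Fix Agent that emits this class of change can verify it the same way: the patched function must return identical results for normal input and must stop treating quote characters as query syntax.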

🔬 The Pipeline

GitLab MR/push → Monitor → Scanner → CVE → Fix → Notify → MR Comment

Five function-based agents communicate via typed dict payloads through a single SentinelFlow orchestrator. No message queue. No separate services. Just Python.


✨ Key Features

  • 🔍 Auto-scan: triggered by MR opened/updated or push events
  • ⚡ Parallel scanners: nuclei, ffuf, subfinder run concurrently
  • 🏷️ CVE assignment: CVSS v3.1 scoring with SF-{YEAR}-{N} IDs
  • 🔧 Auto-fix: creates a real GitLab branch + commit + MR for eligible CVEs
  • 💬 MR comments: detailed markdown security reports posted to your MR
  • 📊 Dashboard: FastAPI UI for scan history
  • 🔔 Multi-channel: GitLab MR comment, Slack, Discord, email

๐Ÿ—๏ธ Architecture

  • Monitor Agent — GitLab webhook receiver, event classification, target extraction (<500ms response)
  • Scanner Agent — spawns nuclei/ffuf/subfinder in parallel, parses results
  • CVE Agent — CVSS v3.1 scoring, CWE inference, deduplication, immutable JSON records
  • Fix Agent — generates fix templates, creates GitLab branches + commits + MRs via API
  • Notify Agent — formats security reports, fires GitLab comments, Slack, Discord, email in parallel

All agents communicate via typed dicts. Swarm mode scales to 100+ concurrent agents for batch scanning.
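The five-step list at the top and the agent list above describe the same pipeline. As an added example (not SentinelFlow's own code), the module below shows that shape in plain Python: function-based agents passing TypedDict payloads through one orchestrator, with the Monitor classification, the CVE agent's CVSS v3.1 scoring, CWE-keyed deduplication and SF-{YEAR}-{N} ID assignment, and the Notify agent's report body. The payload field names, the noise-path heuristic, the dedup key (template, target, CWE) and the sample findings are assumptions of this example; the sample findings stand in for scanner output because nuclei, ffuf and subfinder cannot run offline here, and the Fix agent is omitted. The CVSS arithmetic follows the FIRST.org v3.1 specification.

```python
"""Added example of the Monitor -> CVE -> Notify pipeline as typed-dict agents.
Assumed, not from the project: payload fields, NOISE heuristic, dedup key and
the constructed SAMPLE_* inputs. CVSS v3.1 formulas are from the FIRST.org spec."""
import json
import math
import re
from typing import List, Set, Tuple, TypedDict


class MonitorEvent(TypedDict):
    kind: str                 # GitLab webhook object_kind: "merge_request" or "push"
    action: str               # for MRs: "open", "update", ...; "" for pushes
    changed_files: List[str]


class Finding(TypedDict):     # one raw scanner hit (assumed shape)
    scanner: str
    template: str
    target: str
    cwe: str
    vector: str               # CVSS v3.1 vector string


class CveRecord(TypedDict):
    id: str
    score: float
    severity: str
    cwe: str
    finding: Finding


# Assumed heuristic: docs and test paths do not justify a scan on their own.
NOISE = re.compile(r"(^|/)(docs?|tests?)/|\.(md|rst|txt)$|(^|/)test_[^/]*\.py$")


def classify_event(event: MonitorEvent) -> bool:
    """Monitor agent: True when the event is worth scanning."""
    if event["kind"] == "merge_request" and event["action"] not in ("open", "update"):
        return False
    if event["kind"] not in ("merge_request", "push"):
        return False
    return any(not NOISE.search(path) for path in event["changed_files"])


# CVSS v3.1 base metric weights (FIRST.org specification).
_W = {"AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
      "AC": {"L": 0.77, "H": 0.44},
      "UI": {"N": 0.85, "R": 0.62},
      "CIA": {"H": 0.56, "L": 0.22, "N": 0.0}}
_PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27},   # scope unchanged
       "C": {"N": 0.85, "L": 0.68, "H": 0.5}}    # scope changed


def _roundup(x: float) -> float:
    """Spec's Roundup: smallest one-decimal value >= x, computed in integers."""
    i = round(x * 100000)
    return i / 100000 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10


def cvss31_base(vector: str) -> float:
    """CVSS v3.1 base score from a vector such as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H."""
    m = dict(p.split(":") for p in vector.split("/") if not p.startswith("CVSS"))
    scope = m["S"]
    iss = 1 - (1 - _W["CIA"][m["C"]]) * (1 - _W["CIA"][m["I"]]) * (1 - _W["CIA"][m["A"]])
    impact = 6.42 * iss if scope == "U" else 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    expl = 8.22 * _W["AV"][m["AV"]] * _W["AC"][m["AC"]] * _PR[scope][m["PR"]] * _W["UI"][m["UI"]]
    if impact <= 0:
        return 0.0
    total = impact + expl if scope == "U" else 1.08 * (impact + expl)
    return _roundup(min(total, 10))


def severity(score: float) -> str:
    """CVSS v3.1 qualitative rating scale."""
    if score == 0:
        return "NONE"
    return "LOW" if score < 4 else "MEDIUM" if score < 7 else "HIGH" if score < 9 else "CRITICAL"


class CveAgent:
    """CVE agent: dedups, scores, assigns SF-{YEAR}-{N} ids, keeps append-only JSON records."""

    def __init__(self, year: int) -> None:
        self.year, self.counter = year, 0
        self.seen: Set[Tuple[str, str, str]] = set()
        self.records_json: List[str] = []   # immutable serialized snapshots

    def assign(self, findings: List[Finding]) -> List[CveRecord]:
        out: List[CveRecord] = []
        for f in findings:
            key = (f["template"], f["target"], f["cwe"])
            if key in self.seen:
                continue                     # same issue reported twice -> one record
            self.seen.add(key)
            self.counter += 1
            score = cvss31_base(f["vector"])
            rec: CveRecord = {"id": f"SF-{self.year}-{self.counter}", "score": score,
                              "severity": severity(score), "cwe": f["cwe"], "finding": f}
            self.records_json.append(json.dumps(rec, sort_keys=True))
            out.append(rec)
        return out


def format_report(records: List[CveRecord]) -> str:
    """Notify agent: markdown body that would be posted as the MR comment."""
    lines = ["## SentinelFlow security report", ""]
    for r in records:
        lines.append(f"- {r['id']} **{r['severity']}** (CVSS {r['score']}) {r['cwe']} at {r['finding']['target']}")
    return "\n".join(lines)


def run_pipeline(event: MonitorEvent, scanner_output: List[Finding], year: int = 2026) -> List[CveRecord]:
    """Orchestrator: Monitor -> (scanner output passed in) -> CVE. Empty list means 'noise, skipped'."""
    if not classify_event(event):
        return []
    return CveAgent(year).assign(scanner_output)


# Constructed sample input; not real scan results.
SAMPLE_EVENT: MonitorEvent = {"kind": "merge_request", "action": "update",
                              "changed_files": ["src/db.py", "docs/CHANGELOG.md"]}
SAMPLE_FINDINGS: List[Finding] = [
    {"scanner": "nuclei", "template": "constructed-sqli-check", "target": "https://app.example/login",
     "cwe": "CWE-89", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
    {"scanner": "nuclei", "template": "constructed-sqli-check", "target": "https://app.example/login",
     "cwe": "CWE-89", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},   # duplicate hit
    {"scanner": "nuclei", "template": "constructed-xss-check", "target": "https://app.example/search",
     "cwe": "CWE-79", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},
]

if __name__ == "__main__":
    print(format_report(run_pipeline(SAMPLE_EVENT, SAMPLE_FINDINGS)))
```

Two design points carry over to a real deployment: the dedup key should be stable across scanner runs (template, target and CWE rather than the free-text title), otherwise every rescan of the same MR mints a new SF-ID; and Roundup must be done in integer arithmetic as the spec prescribes, since a naive `math.ceil(x * 10) / 10` drifts on values such as 9.8 that sit on a floating-point boundary.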


🧪 Demo

A 143-second narrated demo video is included with this submission showing:

  • Real GitLab webhook trigger (<500ms response)
  • Parallel scanner execution (nuclei + ffuf + subfinder)
  • CVE assignment (CRITICAL 9.8 CVSS)
  • Real GitLab branch + MR creation via API
  • Security report posted directly on the merge request

๐Ÿ› ๏ธ Tech Stack

  • Language: Python 3
  • Dashboard: FastAPI + vanilla JavaScript
  • Scanners: nuclei, ffuf, subfinder (industry-standard security tools)
  • API: GitLab REST API v4
  • CORS: Local Python proxy for GitLab API access
  • Multi-agent: sessions_spawn (up to 100 concurrent agents via Swarm mode)

๐Ÿ“ Repository

Primary: GitLab (access pending — submitted March 21, 2026)

Fallback/Development: http://localhost:3000/alfie/sentinel-flow (Gitea)


👤 Built By

Alvin Chang — Good CISO Limited

  • goodciso.org
  • GitLab AI Hackathon Participant

Built With

  • fastapi
  • ffuf
  • gitlab-rest-api-v4
  • nuclei
  • python
  • subfinder
  • vanilla-javascript