Inspiration
In modern DevOps, security is often the "department of NO." Static analysis tools (SAST) generate thousands of warnings, but developers rarely have the time to fix them, leading to massive security debt. We asked ourselves: what if the pipeline didn't just find bugs, but actually fixed them? We wanted to move from "Detection" to "Autonomous Remediation."
What it does
SentinelFlow AI is an autonomous, multi-agent security pipeline integrated with GitLab.
The Scout Agent: continuously polls GitLab's Security API for new vulnerability findings (for example SQL Injection or XSS).
The Architect Agent: Powered by Google Gemini, it analyzes the vulnerable code's context and generates a precise, production-ready patch.
The Result: it automatically produces a remediation report and a code patch, cutting Mean Time to Repair (MTTR) from hours to seconds.
How we built it
Language: Python 3.11
AI Brain: Google Gemini 2.0/3.0 SDK for high-reasoning code generation.
Orchestration: A custom multi-agent framework where "Scout" handles data retrieval and "Architect" handles logic.
Integration: GitLab API and CI/CD for real-world pipeline execution.
Infrastructure: Dual-Remote Git architecture (GitHub for source, GitLab for Runners).
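As an added example (not SentinelFlow's code), here is how a Scout-style retrieval step can be written defensively: it pulls findings from a GitLab vulnerability_findings endpoint, backs off on rate limits and server errors, and treats a 403 as terminal, since a disabled key (the "leaked key" case described under Challenges) will never succeed on retry. The base URL, project id and payload shape are assumptions, the transport is injected and the sample payload is constructed, so the block runs offline.

```python
"""Scout-style retrieval of GitLab vulnerability findings with defensive HTTP handling.

Added example, not SentinelFlow's code. The GitLab base URL, project id and the
response shape are assumptions; the transport is injected so the block runs offline.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List

GITLAB_API = "https://gitlab.example.com/api/v4"   # hypothetical instance
RETRYABLE = {429, 500, 502, 503}                    # back off and try again
TERMINAL_AUTH = {401, 403}                          # token revoked/expired: stop, rotate


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: object


@dataclass
class Finding:
    id: int
    severity: str
    name: str
    file: str
    line: int


class ScoutError(Exception):
    pass


def fetch_with_backoff(get: Callable[[str], Response], url: str,
                       max_retries: int = 4, sleep=time.sleep) -> object:
    """Call get(url); retry only rate limits and server errors.

    A 403 (or 401) is not retried: once a leaked key has been disabled every
    retry is wasted and may trip abuse detection. Retry-After is honoured when
    present, otherwise the delay doubles each time, capped at 30 s.
    """
    delay = 1.0
    for attempt in range(max_retries + 1):
        resp = get(url)
        if resp.status == 200:
            return resp.body
        if resp.status in TERMINAL_AUTH:
            raise ScoutError(f"HTTP {resp.status} for {url}: rotate the token, do not retry")
        if resp.status not in RETRYABLE:
            raise ScoutError(f"HTTP {resp.status} for {url}")
        if attempt == max_retries:
            raise ScoutError(f"gave up after {max_retries} retries on HTTP {resp.status}")
        retry_after = resp.headers.get("Retry-After")
        sleep(float(retry_after) if retry_after else delay)
        delay = min(delay * 2, 30.0)
    raise ScoutError("unreachable")


def parse_findings(payload: List[dict]) -> List[Finding]:
    """Normalise the API payload; a malformed entry is skipped, not fatal."""
    findings = []
    for item in payload:
        loc = item.get("location") or {}
        try:
            findings.append(Finding(
                id=int(item["id"]),
                severity=str(item["severity"]).lower(),
                name=str(item["name"]),
                file=str(loc["file"]),
                line=int(loc.get("start_line", 0)),
            ))
        except (KeyError, TypeError, ValueError):
            continue
    return findings


def scout(project_id: int, get: Callable[[str], Response], sleep=time.sleep) -> List[Finding]:
    """One Scout pass: fetch the project's findings and normalise them."""
    url = f"{GITLAB_API}/projects/{project_id}/vulnerability_findings?per_page=100"
    return parse_findings(fetch_with_backoff(get, url, sleep=sleep))


# Constructed sample payload resembling GitLab's vulnerability_findings JSON.
SAMPLE_PAYLOAD = [
    {"id": 101, "severity": "High", "name": "SQL Injection",
     "location": {"file": "app/db.py", "start_line": 42}},
    {"id": 102, "severity": "Medium", "name": "Cross-site scripting",
     "location": {"file": "app/views.py", "start_line": 7}},
    {"id": 103, "severity": "Low", "name": "entry without a location"},
]


def scripted_get(script: List[Response]) -> Callable[[str], Response]:
    """Fake transport replaying a fixed list of responses (constructed for the example)."""
    responses = iter(script)
    return lambda url: next(responses)


if __name__ == "__main__":
    get = scripted_get([Response(429, {"Retry-After": "0"}, None),
                        Response(200, {}, SAMPLE_PAYLOAD)])
    for finding in scout(1, get, sleep=lambda seconds: None):
        print(finding)
```

In a real run `get` would wrap `requests.get` with the `PRIVATE-TOKEN` header; keeping the transport injectable is what makes the 403 and 429 paths testable without a live GitLab.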
Challenges we ran into
The biggest hurdle was credential security. During development we hit a real-world "leaked key" event: our API credentials were automatically flagged and disabled. That pushed us toward a "Zero Trust" posture for secrets, hardening our .gitignore so keys never enter the repository and rotating the exposed key (a .gitignore only prevents future commits; a key that has already been pushed stays in the history and has to be rotated). It was a stressful moment that ultimately made the project more secure and professional.
Accomplishments that we're proud of
Agentic Reasoning: Moving beyond simple "Search & Replace" to actual Context-Aware fixes that don't break the application logic.
Hybrid Cloud Sync: Successfully syncing a complex development environment across GitHub and GitLab.
Seamless Integration: Creating a tool that feels like a natural part of a developer's workflow, not an extra burden.
What we learned
We learned that building with AI requires more than a good prompt; it requires defensive programming. Handling HTTP 403 responses (a disabled key should stop the run, not be retried), respecting API rate limits with back-off, and keeping the AI "in-bounds" (checking its output before acting on it) taught us how to build robust, production-grade AI agents rather than just "chatbots."
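As an added example (not SentinelFlow's code) of what keeping the Architect "in-bounds" can mean in practice, the block below validates an LLM-generated fix before anything is written to the repository. It assumes the Architect returns the full text of the fixed file; the banned-call list, the 10-line locality window and the sample vulnerable module are assumptions made for this example.

```python
"""Guardrails that keep an Architect-style LLM patch "in-bounds" before it is committed.

Added example, not SentinelFlow's code. It assumes the Architect returns the
full text of the fixed file; the banned-call list, the 10-line locality window
and the sample vulnerable module are assumptions made for this example.
"""
import ast
import difflib
import posixpath
from dataclasses import dataclass, field
from typing import List, Set

BANNED_CALLS = {"eval", "exec", "os.system", "subprocess.run", "subprocess.Popen",
                "subprocess.call", "pickle.loads"}
MAX_DISTANCE = 10   # a remediation should stay near the flagged line


@dataclass
class Verdict:
    accepted: bool
    reasons: List[str] = field(default_factory=list)


def _call_names(tree: ast.AST) -> Set[str]:
    """Called functions as 'f' or 'module.attr', for a cheap before/after comparison."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name):
                names.add(func.id)
            elif isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
                names.add(f"{func.value.id}.{func.attr}")
    return names


def _touched_lines(old_src: str, new_src: str) -> List[int]:
    """1-based old-file line numbers affected by the change (an insertion maps to the line it precedes)."""
    matcher = difflib.SequenceMatcher(None, old_src.splitlines(), new_src.splitlines())
    touched = []
    for tag, i1, i2, _j1, _j2 in matcher.get_opcodes():
        if tag != "equal":
            touched.extend(range(i1 + 1, max(i2, i1 + 1) + 1))
    return touched


def validate_patch(flagged_file: str, flagged_line: int, target_file: str,
                   old_src: str, new_src: str) -> Verdict:
    """Accept only a parseable, local edit to the flagged file that adds no banned calls."""
    reasons = []
    target = posixpath.normpath(target_file)
    if target != posixpath.normpath(flagged_file) or target.startswith(("/", "..")):
        reasons.append(f"patch targets {target_file!r} but the finding is in {flagged_file!r}")
    try:
        old_tree, new_tree = ast.parse(old_src), ast.parse(new_src)
    except SyntaxError as exc:
        return Verdict(False, reasons + [f"patched file does not parse: {exc.msg} (line {exc.lineno})"])
    introduced = sorted((_call_names(new_tree) - _call_names(old_tree)) & BANNED_CALLS)
    if introduced:
        reasons.append(f"patch introduces banned calls: {introduced}")
    touched = _touched_lines(old_src, new_src)
    if not touched:
        reasons.append("patch changes nothing")
    far = [n for n in touched if abs(n - flagged_line) > MAX_DISTANCE]
    if far:
        reasons.append(f"patch edits lines {far}, outside the window around line {flagged_line}")
    return Verdict(not reasons, reasons)


# Constructed sample: the Scout finding points at line 5 of app/db.py.
VULNERABLE = '''import sqlite3

def find_user(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = '%s'" % name)
    return cur.fetchone()
'''

GOOD_FIX = '''import sqlite3

def find_user(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = ?", (name,))
    return cur.fetchone()
'''

# Fixes the injection but smuggles in a shell call: must be rejected.
SMUGGLED_FIX = '''import os
import sqlite3

def find_user(conn, name):
    cur = conn.cursor()
    os.system("logger patched")
    cur.execute("SELECT id FROM users WHERE name = ?", (name,))
    return cur.fetchone()
'''

if __name__ == "__main__":
    for label, candidate in (("good", GOOD_FIX), ("smuggled", SMUGGLED_FIX)):
        print(label, validate_patch("app/db.py", 5, "app/db.py", VULNERABLE, candidate))
```

These checks say nothing about whether the vulnerability is actually gone; that verdict belongs to the scanner, so the pipeline should re-run SAST on the patched file before the fix is reported as remediated.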
What's next for SentinelFlow AI
Autonomous Merge Requests: Enabling the Architect to automatically open a Merge Request with the fix.
Language Expansion: Moving beyond Python to support Go, Java, and JavaScript remediation.
Feedback Loops: Allowing developers to "rate" a fix so the Architect learns the project's specific coding style over time.