Deep Sentinel

Finds what Snyk and CodeQL miss by correlating GitHub PRs, Slack discussions, and codebase architecture to surface deferred fixes and compound risks no code-only scanner can detect.

Comment

## Inspiration
28% of critical security incidents originate OUTSIDE code repositories — in Slack, Jira, and collaboration tools (GitGuardian 2026). Every existing scanner analyzes code in isolation. None of them connect a Slack message saying "skip input validation for the MVP" with the PR that ships an unvalidated payment endpoint.

## What it does

DeepSentinel is an autonomous agent that pulls data from GitHub PRs, GitHub Issues, Slack channels, and codebase architecture simultaneously, then correlates findings across all sources to surface security risks that code-only scanners fundamentally cannot detect.

Key capability: Composite Risk Scoring — a MEDIUM SQL injection scored 100/100 because the team deferred the fix for 3 sprints, it's in the payment module, and it appeared 40 times historically. Snyk calls it MEDIUM. We call it the highest-risk finding in the repo.

## How we built it

7 sponsor integrations working together:

  • Auth0: 4 agentic pillars (Device Flow + Token Vault + CIBA + FGA gatekeeping)
  • Airbyte: 3 connectors (GitHub + Slack + Jira) pulling real data via agent SDK
  • Macroscope: Webhook API for codebase architecture intelligence
  • Ghost: Persistent Postgres with 1,069+ findings, DB forking, schema introspection
  • TrueFoundry: AI Gateway with multi-model routing and fallback chains ($0.003/scan)
  • Aerospike: Real-time cache with batch ops, secondary index queries, TTL expiration
  • Overmind: OverClaw optimization improved prompts from 39.7 to 56.2 (+42%)

## Challenges

  • Airbyte's GitHub connector had a GraphQL template interpolation bug — we found and fixed the root cause (ref parameter needed explicit "HEAD")
  • TrueFoundry's cloud had SSL issues during the hackathon — resolved by using gateway.truefoundry.ai directly
  • Auth0 Device Flow requires a separate native app from CIBA (split-app architecture)

## What we learned

Cross-source intelligence is genuinely powerful. Connecting team discussions with code changes catches risks that pure code analysis misses — not theoretically, but demonstrably. The composite risk scorer that factors in team awareness, deferral history, and architectural criticality produces rankings that no single-source tool can compute.

Built With

  • aerospike
  • airbyte
  • auth0
  • claude-sonnet-4
  • ghost
  • gpt-4o-mini
  • macroscope
  • openai
  • overmind
  • python
  • truefoundry
Share this project:

Updates