BETA Launching April 2026 — 25% off for early access!

Stop chasing 250,000 CVEs
Focus on the ones being exploited

Only ~1,484 CVEs are actively exploited in the wild — that's 0.6% of the NVD. SentriKat tracks CISA KEVs and ENISA EUVD exploited vulnerabilities against your inventory, with zero-day intelligence that alerts you the moment an unpatched threat hits your stack. Enriches CVSS from 3 independent sources with auto-fallback, and generates NIS2 Article 21 compliance reports out of the box. Multi-platform agents for Windows, Linux, and macOS — scanning OS packages, containers, browser extensions, IDE plugins, and code dependencies. Plus SIEM integration and executive PDFs. 100% on-premises. €2,499/yr, everything included.

1,484+ Active KEVs
7 Code Ecosystems
6+ Intelligence Sources
100% On-Premises
10K+ Agents Supported
Swiss privacy standards
NIS2 reporting built-in
Your data stays yours
Auditable source code
OWASP ASVS L1
SentriKat Dashboard
12 Critical · 28 High · 45 Medium · 156 Products
CRITICAL CVE-2024-3400 Palo Alto PAN-OS
HIGH CVE-2024-21887 Ivanti Connect Secure
MEDIUM CVE-2024-1709 ConnectWise ScreenConnect
Features

Everything you need to manage vulnerabilities

Built for security teams who need to cut through the noise and focus on real threats.

Core Feature

CISA KEV Focus

Stop drowning in 250,000+ CVEs. Focus exclusively on the ~1,484 vulnerabilities CISA has confirmed are being actively exploited in the wild.

CVE-2024-3400 CRITICAL
CVE-2024-21887 HIGH
248,500+ other CVEs FILTERED

Only actively exploited vulnerabilities. No noise.

New

Zero-Day Intelligence

Instant alerts when a zero-day vulnerability affects software in your inventory. Aggregates disclosures from CISA emergency directives, vendor security advisories, and threat intelligence feeds. Dedicated tracking dashboard separates unpatched zero-day threats from regular KEV entries.

CVE-2024-3400 PAN-OS Command Injection: 0-DAY
CVE-2024-21887 Ivanti Connect Secure RCE: 0-DAY
CVE-2024-1709 ScreenConnect Auth Bypass: PATCH AVAIL
3 Active 0-Days · 7 Patch Available · 24 Endpoints Hit
Unique

Vendor Advisory Sync

Queries OSV.dev, Red Hat, Microsoft MSRC, and Debian feeds daily. Automatically detects when vendors have patched vulnerabilities. Zero manual work.

OSV.dev synced 2m ago
Red Hat Security API synced 2m ago
Microsoft MSRC synced 15m ago
Debian Security Tracker synced 15m ago
Unique

Three-Tier Confidence

AFFECTED (red), LIKELY RESOLVED (amber), RESOLVED (green). Never silently hides a potential vulnerability. Vendor patch detection eliminates the most common source of false positives.

AFFECTED No vendor fix detected
LIKELY RESOLVED Vendor fix detected
RESOLVED Fix confirmed via version check
Flexible

Software Inventory

Native agents for Windows, Linux, and macOS with distro-native version comparison (dpkg, RPM, APK). Integrates with Lansweeper, PDQ Deploy, SCCM, Intune, REST API, and CSV import.

Windows Agent · Linux Agent · macOS Agent · Lansweeper Sync · SCCM · Intune · REST API
New

Endpoint & Container Scanning

Native agents for Windows, Linux, and macOS scan endpoints and container images in one pass. Detect OS packages, installed applications, and container vulnerabilities across your entire infrastructure.

$ sentrikat-agent status
Windows — 142 products collected
Linux — 87 packages (dpkg)
macOS — 63 applications
Containers — 12 images scanned
nginx:1.25 — 0 vulnerabilities
app:latest — 1 CRITICAL, 3 HIGH

Windows, Linux, macOS, Docker & Podman — one agent

New

Code Dependency Scanning

Find known vulnerabilities in your open-source dependencies before they reach production. 11 lockfile formats across 7 ecosystems — powered by Google's OSV.dev database. Exact version matching from lockfiles means zero false positives, not CPE guessing. CI/CD native with GitHub Actions, GitLab CI, and Jenkins gate support.

7 Ecosystems · 11 Lockfile Formats
Node.js package-lock.json · yarn.lock · pnpm-lock.yaml
Python Pipfile.lock · poetry.lock
Rust Cargo.lock
Go go.sum · go.mod
Ruby Gemfile.lock
PHP composer.lock
.NET packages.lock.json
OSV.dev Powered · CI/CD Native · EPSS+KEV Prioritized

Zero false positives · exact version matching from lockfiles

Smart

Intelligent Matching

Multi-method CVE matching using CPE identifiers, vendor+product combinations, and keyword analysis with confidence scoring.

CPE Match 98%
Vendor + Product 85%
Keyword Analysis 72%
Pro

Notifications & Alerting

Email alerts with daily/weekly digests, Slack/Teams/Discord webhooks with HMAC-SHA256 signing, and custom alert rules by priority, organization, or product criticality. 3-tier escalation policies for unacknowledged critical vulnerabilities.

Email Alerts: Daily & weekly digests
Webhooks: Slack / Teams / Discord
Issue Trackers: Jira / GitHub / GitLab / YouTrack
Escalation Policies: 24h / 72h auto-escalation

KEV match, due date, ransomware, agent offline & more

Pro

Multi-Tenant & White-Label

Isolated organizations with role-based access control and white-label branding. Customize your app name, logo, and colors in Admin Panel — branding applies to both the web UI and exported compliance documents. Perfect for MSPs or enterprises with multiple business units.

Org: Acme Corp
3 admins · 12 viewers · 847 products
Org: Beta Industries
1 admin · 5 viewers · 231 products
Org: Gamma GmbH
2 admins · 8 viewers · 502 products
Privacy

Self-Hosted & Air-Gapped

Your data stays with you. Deploy on your own infrastructure with Docker — including fully air-gapped environments. Built-in backup/restore and TOTP two-factor authentication.

# Your infrastructure, your data
$ docker compose up -d
Creating sentrikat-db   ... done
Creating sentrikat-app ... done
Creating sentrikat-web ... done
✓ SentriKat running on https://localhost
✓ Air-gapped & TOTP 2FA ready
New

Compliance Reporting

NIS2 Article 21 and CISA BOD 22-01 compliance integrity reports with built-in cryptographic verification. One-click download delivers a complete report with audit trail, attestation, and tamper-detection hashes. White-label branding included for Pro licenses.

EU · NIS2 Article 21: Compliance integrity report
US · CISA BOD 22-01: KEV deadline tracking
Cryptographic Attestation: Tamper-detection hashes
PDF · Executive Summary: Risk score, KPIs & audit trail

One-click download · white-label branding on exports

New

SIEM Integration

Stream vulnerability events to your SIEM via syslog in CEF, JSON, or RFC 5424 format. Native support for Splunk, Elastic/ELK, ArcSight, and QRadar.

CEF:0|SentriKat|VulnMgmt|1.0|KEV_MATCH|
severity=Critical cve=CVE-2024-3400
product=PAN-OS status=AFFECTED
dst=siem.company.local:514
Splunk
ELK
ArcSight
QRadar
New

Multi-Source Intelligence

CVSS scores from 3 independent sources (NVD, CVE.org/Vulnrichment, ENISA EUVD) with automatic fallback. Exploited vulnerability data from both CISA KEV and EUVD. Every score carries a provenance tag.

CVSS Fallback Chain
NIST NVD PRIMARY
miss?
CVE.org + Vulnrichment SECONDARY
miss?
EU ENISA EUVD TERTIARY
Every score tagged: cvss_source: "nvd" | "cve_org" | "euvd"
Intelligence

EPSS Scoring

Integrates FIRST's Exploit Prediction Scoring System to prioritize vulnerabilities most likely to be exploited.

CVE-2024-3400: 97.2%
CVE-2024-1709: 82.1%
CVE-2024-0012: 44.8%

Exploit probability in next 30 days

Automatic

Background Sync

Automatic scheduled tasks keep your data current without manual intervention. CISA KEV, EUVD, and vendor advisories sync daily, EPSS scores update regularly, and NVD CPE dictionary refreshes weekly. Configurable cron schedules.

CISA KEV Sync: Daily at 2 AM
ENISA EUVD Sync: Daily (EU)
Vendor Advisories: Daily (4 feeds)
EPSS Scores: Daily
NVD CPE Dictionary: Weekly (~50K entries)
License Check: Every 6 hours

All tasks start on boot. Custom cron schedules supported.

New

Agent Management

Server-side agent configuration, minimum version enforcement, and heartbeat monitoring. Agents check in regularly and receive configuration updates automatically. MDM-compatible deployment for macOS (Jamf, Kandji, Mosyle).

win-srv-01: v1.0.2 — online
ubuntu-app-03: v1.0.2 — online
macbook-dev-07: v1.0.2 — online
rhel-db-02: v1.0.1 — update available

Heartbeat monitoring, config push & version enforcement

Pro

Authentication & SSO

Enterprise authentication with Active Directory, LDAP, SAML 2.0, and TOTP two-factor authentication. Centralized user management.

Active Directory / LDAP
SAML 2.0 SSO
TOTP Two-Factor Auth
New

System Health Checks

10 automated health checks run every 30 minutes — database, disk space, workers, CVE sync freshness, agent heartbeats, and more. Email notifications and in-app alerts surface critical issues before they escalate.

Database: Healthy
CVE Sync: Fresh (2h ago)
Background Workers: Running
Disk Space: Warning (82%)

10 checks · every 30 min · email & in-app alerts

New

Enterprise Scale

Tested to 10,000+ agents. Concurrent worker pool, configurable database tuning, exponential backoff retry, and built-in load testing. Tune deployment size via environment variables — no code changes needed.

# Enterprise sizing (.env)
GUNICORN_WORKERS=16
WORKER_POOL_SIZE=16
DB_POOL_SIZE=20
PG_MAX_CONNECTIONS=800
✓ 10,000+ agents supported
16 Workers · 5x Auto-Retry · 800 DB Conns

Tune via env vars · no code changes

New

Built-in Admin Tools

GUI log viewer with 7 log types, full-text search, and download. Interactive API documentation via Swagger UI. Built-in troubleshooting guide with Docker commands and common scenarios. No SSH required.

System Log Viewer: 7 log types · search & download
Interactive API Docs: OpenAPI / Swagger UI
Admin Guide: Troubleshooting & Docker cheat sheet
Audit Logs: Full user activity trail

Why SentriKat

Most scanners tell you what's wrong.
SentriKat tells you what's actually fixed.

Traditional vulnerability scanners generate thousands of alerts with no context on which ones are already resolved by vendor patches. SentriKat automatically tracks vendor advisories so you only act on what's real.

4 Vendor feeds synced daily
50K+ CPE mappings in KB
3 Confidence tiers
NIS2 Article 21 reports built-in

Automatic Vendor Advisory Sync

SentriKat queries 4 vendor feeds daily and cross-references them against your inventory. When Red Hat backports a fix or Microsoft pushes a KB, SentriKat knows automatically.

OSV.dev (open-source advisories)
Red Hat Security API
Microsoft MSRC
Debian Security Tracker
How it works
RH MS OS DB
SentriKat
12 Affected · 28 Likely Resolved · 156 Resolved

Three-Tier Confidence System

Every vulnerability gets a confidence tier based on automated vendor analysis. Amber items stay visible for legal compliance. Green items are auto-acknowledged.

AFFECTED No vendor fix detected
LIKELY RESOLVED Vendor fix detected, not verified
RESOLVED Fix confirmed via version check

Distro-Native Version Comparison

SentriKat understands how your OS compares package versions. No generic string comparison -- real package manager logic for accurate results.

Debian / Ubuntu (dpkg)
2.31-13+deb11u7 > 2.31-13+deb11u5
RHEL / CentOS (RPM)
4.18.0-425.19.2.el8_7 > 4.18.0-425.3.1
Alpine (APK)
1.36.1-r15 > 1.36.1-r2

Everything Included. No Add-Ons.

Windows, Linux, macOS, container scanning, SIEM integration, NIS2 compliance reports, and executive PDFs — all included in the Professional Edition. No separate modules, no hidden costs.

Typical Enterprise Scanner

$10,000+/yr

Per module add-on

SIEM + Compliance

Extra modules

Custom pricing

SentriKat

All Included

€2,499/yr Professional

How It Works

From deployment to protection in minutes

SentriKat is designed to be simple. No complex setup, no steep learning curve.

01

Deploy SentriKat

Self-host with Docker in minutes. Single command to get started. Your data, your infrastructure.

docker compose up -d
02

Import Your Inventory

Deploy agents on Windows, Linux, or macOS. Integrate with Lansweeper, SCCM, Intune, or import a CSV.

# Windows Agent
.\sentrikat-agent.ps1 -Install
03

Automatic Matching

SentriKat syncs CISA KEV + ENISA EUVD daily and enriches CVSS scores from NVD, CVE.org, and EUVD with automatic fallback. No single point of failure.

# Daily sync at 2 AM UTC
[KEV] 3 exploited vulns matched
[EUVD] 1 EU-flagged vulnerability
[CVSS] NVD -> CVE.org -> EUVD fallback
04

Multi-Platform Scanning

Native agents for Windows, Linux, and macOS collect installed software. On endpoints running Docker or Podman, container images are automatically scanned too.

# Windows: 142 products detected
# Linux: 87 packages (dpkg)
# macOS: 63 applications
# Containers: 12 images scanned
[OK] 3 HIGH, 1 CRITICAL found
05

Act on Real Threats

Get alerted via email, Slack, or SIEM. Create Jira/GitHub issues automatically. Prioritize by severity, due dates, and ransomware indicators.

# Critical: CVE-2024-3400
# Due: 7 days | Ransomware: Yes
# -> Jira SK-142 created, SIEM notified
Pricing

Simple, transparent pricing

Start free, upgrade when you need more. Annual subscription with multi-year discounts.

DEMO

Free forever

Evaluate the platform with limited features

  • 1 User
  • 1 Organization
  • 50 Products
  • 5 Agents (Windows, Linux, macOS)
  • Container Image Scanning (Docker & Podman)
  • Daily KEV Sync
  • Basic Dashboard
  • CSV Import
  • Docker Deployment
  • Multi-tenant
  • Email Alerts + Webhooks
  • LDAP/AD/SAML SSO
  • Priority Support
Most Popular

PRO

€2,499 /year

Full-featured license with annual subscription

  • Unlimited Users
  • Unlimited Organizations
  • Unlimited Products
  • 10 Agents included (Windows, Linux, macOS)
  • Container Image Scanning (Docker & Podman)
  • Daily KEV Sync + Vendor Advisory Sync
  • Background Sync (KEV, EPSS, CPE, Advisories)
  • Three-Tier Confidence System
  • Notifications, Digests & Escalation Policies
  • Agent Heartbeat, Config Push & Auto-Update
  • NIS2 Article 21 Compliance Reports
  • CISA BOD 22-01 Deadline Tracking
  • Executive Summary PDF + CSV/Excel Export
  • SIEM/Syslog Integration (Splunk, ELK, QRadar)
  • Jira, GitHub, GitLab, YouTrack Integration
  • Multi-tenant + White-Label Branding
  • LDAP/AD/SAML SSO + TOTP 2FA
  • Air-gapped deployment + Backup/Restore
  • Enterprise-scale architecture (10,000+ agents)
  • Updates included for subscription duration

Multi-Year Discounts

Commit for longer, pay less. Save up to 15% with a 3-year subscription.

| Duration | Discount | Annual Price | Savings |
| 1 Year | Full price | €2,499/yr | |
| 2 Years | 10% off | €2,249/yr | Save €500 |
| 3 Years (Best value) | 15% off | €2,124/yr | Save €1,125 |

Agent Packs

Need more agents? Add capacity to your PRO subscription. Container scanning included with every agent.

+25 Agents: €499/yr
+50 Agents: €899/yr
+100 Agents: €1,499/yr
Unlimited Agents: €2,199/yr
Priority Support: Dedicated support with 4h response time, €499/yr

What changes with SentriKat

Stop spending hours on manual triage. Here's what your team gets on day one.

| | Without SentriKat | With SentriKat |
| CVEs to triage | 250,000+ (all known CVEs) | ~1,484 actively exploited KEVs |
| CVE triage time | 40+ hours/month manual work | Automated daily — minutes, not hours |
| False positive rate | High noise from generic scanners | Vendor patch detection filters resolved CVEs |
| Vendor patch tracking | Manual checks across 4+ sources | 4 feeds synced automatically every day |
| Container scanning | Separate product ($5,000+/yr) | Docker & Podman — included |
| SIEM integration | Paid add-on ($3,000+/yr) | Built-in (CEF/JSON/RFC 5424) |
| SSO / LDAP / 2FA | Enterprise tier only | Included in Pro |
| NIS2 / DORA reporting | Build reports manually | NIS2 Article 21 reports + Executive PDF |
| Total annual cost | $10,000 – $50,000+ | €2,499 — everything included |

Questions about licensing or need a custom solution?

Contact our sales team
FAQ

Frequently asked questions

Everything you need to know before requesting a demo.

Request a Demo

See SentriKat in action. Our team will walk you through the platform and answer your questions.

Get in Touch

Have questions? We'd love to hear from you. Send us a message and we'll respond as soon as possible.

Email

General inquiries

[email protected]

Sales

Pricing and licensing

[email protected]

Support

Technical assistance

[email protected]