FAQ
Frequently asked questions
Everything you need to know about Early Access and the platform.
SentriKat is currently in Early Access — all plans and features are available for free while we finalize our commercial offering. Here's what that means:
- Free access — No credit card required, no time limit. Both Cloud (SaaS) and on-premises deployments are free.
- Limited capacity — We're accepting up to 30 Cloud organizations and 15 on-premises licenses during this phase.
- Plan limits apply — Early Access is free on every plan, each with that plan's own limits (up to 50 agents on Business). Full feature access on all plans.
- What happens next — When pricing goes live, you'll be notified in advance. Early Access users will get priority and a loyalty discount.
Yes — SentriKat is available in two modes, both free during Early Access:
- Cloud (SaaS) — Managed platform at
app.sentrikat.com. No infrastructure to manage. Free during Early Access on your chosen plan's limits (up to 50 agents on Business). - On-Premises — Deploy on your own infrastructure via Docker Compose. Your data never leaves your network. Air-gapped deployments fully supported.
Three key differences:
- Focus — SentriKat tracks confirmed exploited vulnerabilities, not all 250,000+ CVEs. This eliminates 99.4% of the noise.
- Vendor patch detection — Queries 4 vendor feeds daily and automatically marks vulnerabilities as resolved when a patch is available. Most scanners can't do this.
- Price — Free during Early Access. After launch: Pro at €249/mo (Cloud) or €4,999/yr (on-premises) vs. $10,000+ per module with enterprise scanners.
SentriKat monitors your full software stack with lightweight agents on Windows, Linux, and macOS:
All inventory is matched against our exploited vulnerability intelligence and enriched with vendor patch data — synced automatically via background tasks.
SentriKat does not perform network-based vulnerability scanning — it focuses exclusively on known exploited vulnerabilities in your installed software.
- OS packages & applications — Installed software inventory (dpkg, RPM, WMI, Homebrew, system frameworks)
- Containers — Docker and Podman container images scanned automatically using Trivy
- Browser extensions — Chrome, Edge, and Firefox extensions matched against CVE databases
- IDE plugins — VS Code and JetBrains plugins inventoried and checked for known vulnerabilities
- Code dependencies — 13+ lockfile formats across 8 ecosystems: Node.js (package-lock.json, yarn.lock, pnpm-lock.yaml), Python (Pipfile.lock, poetry.lock, requirements.txt, uv.lock), Rust (Cargo.lock), Go (go.sum, go.mod), Ruby (Gemfile.lock), PHP (composer.lock), .NET (packages.lock.json), and Java (Maven). Version-aware matching minimizes false positives, with an explicit confidence level on every match.
All inventory is matched against our exploited vulnerability intelligence and enriched with vendor patch data — synced automatically via background tasks.
SentriKat does not perform network-based vulnerability scanning — it focuses exclusively on known exploited vulnerabilities in your installed software.
SentriKat includes a built-in Software Composition Analysis (SCA) scanner that finds known vulnerabilities in your open-source dependencies:
- 13 lockfile formats, 8 ecosystems — Node.js (npm/yarn/pnpm), Python (pip/poetry/uv), Rust, Go, Ruby, PHP, .NET, and Java (Maven) — all in a single tool
- The same vulnerability database behind
npm auditandpip-audit— with exact version matching - Version-verified matches — exact version matching from lockfiles, not CPE guessing
- CI/CD native — works with GitHub Actions, GitLab CI, and Jenkins. Use
--fail-on criticalto gate deployments - Predictive prioritization — rank vulnerabilities by real-world exploitation probability, not just CVSS scores
- Self-hosted — results stay in your infrastructure. Only package names leave your network for lookups (no source code)
npm audit, it's not limited to a single ecosystem. Unlike Trivy, it's purpose-built for SCA — not bolted onto container scanning.
SentriKat includes dedicated zero-day intelligence that goes beyond standard KEV tracking:
- Zero-day alerting — Instant notifications when a newly disclosed zero-day (a CVE with no available patch) matches software in your inventory. Alerts via email, Slack, Teams, or any configured webhook.
- Zero-day intelligence feed — Aggregates zero-day disclosures from government emergency directives, vendor security advisories, and European exploited vulnerability lists.
- Zero-day tracking dashboard — Dedicated view to track unpatched zero-day vulnerabilities separately from regular KEV entries. See which endpoints are affected, monitor patch availability, and track remediation timelines.
Yes — fully air-gapped deployments are supported:
- License activation can be done offline
- KEV knowledge base can be imported manually via file transfer
- Agents communicate only with your local SentriKat server — no internet access required from endpoints
During Early Access, support is provided via email and tickets through the Customer Portal. We read every message and respond as quickly as possible.
Dedicated support tiers — including priority SLA, phone support, scheduled calls, onboarding sessions, and custom support agreements — will be available when Early Access ends. Early Access participants will be first in line for upgraded support.
Dedicated support tiers — including priority SLA, phone support, scheduled calls, onboarding sessions, and custom support agreements — will be available when Early Access ends. Early Access participants will be first in line for upgraded support.
SentriKat ships signed gap-analysis reports for five frameworks out of the box:
SentriKat also exports Software Bills of Materials in CycloneDX 1.5, SPDX 2.3 and STIX 2.1 — ready for the EU Cyber Resilience Act (mandatory from 11 September 2026) — plus VEX, SARIF 2.1, CSAF 2.0, ServiceNow VR and per-distro patch-list exports.
Learn more about NIS2 compliance.
- NIS2 Article 21 — vulnerability handling evidence for Art. 21(2)(e)
- CISA BOD 22-01 — KEV remediation deadline tracking
- DORA — ICT vulnerability management for the EU financial sector
- PCI-DSS v4.0 — Requirements 6.3 and 11.3 (available via the Compliance Pack)
- ISO/IEC 27001:2022 — Annex A.8.8, A.8.16 and A.5.24 (via the Compliance Pack)
- SOC 2 — CC6.6, CC7.1, CC7.2 and CC7.4 (via the Compliance Pack)
SentriKat also exports Software Bills of Materials in CycloneDX 1.5, SPDX 2.3 and STIX 2.1 — ready for the EU Cyber Resilience Act (mandatory from 11 September 2026) — plus VEX, SARIF 2.1, CSAF 2.0, ServiceNow VR and per-distro patch-list exports.
Learn more about NIS2 compliance.
Yes — SentriKat natively integrates European vulnerability databases mandated by NIS2 Article 12. This provides:
- EU exploited vulnerability tracking — dual-continent coverage combining US and EU government threat catalogs
- Multi-source severity scoring — automatic enrichment from multiple independent sources with failover
- Per-CVE source attribution — every score includes a
cvss_sourcetag so you know exactly where severity data comes from
SentriKat is designed for European data sovereignty:
- On-premises option — deploy on your own EU-based infrastructure with zero cloud dependency
- Cloud hosted in Europe — managed platform with EU data residency
- European-engineered — developed in Europe under GDPR and equivalent Swiss FADP data-protection standards
- Multi-source intelligence — combines US and EU government threat intelligence locally, so you're not solely dependent on any single country's infrastructure
Yes — SentriKat includes multi-tenant support with:
- Isolated organizations with role-based access control
- Separate inventories, dashboards, and reports per client
- White-label branding — customize with your own logo and colors
All integrations are included in the Pro license at no extra cost:
- Notifications — Email alerts with daily/weekly digests, Slack, Microsoft Teams, Discord webhooks (HMAC-SHA256 signed), custom alert rules, and 3-tier escalation policies
- Issue tracking — Jira, GitHub Issues, GitLab Issues, YouTrack
- SIEM — Syslog in CEF, JSON, or RFC 5424 format (Splunk, ELK, ArcSight, QRadar)
- Inventory import — Lansweeper, PDQ Deploy, SCCM, Intune, REST API, CSV
- Authentication — Active Directory, LDAP, SAML 2.0, TOTP 2FA
- Agent management — Heartbeat monitoring, server-side config push, minimum version enforcement, MDM-compatible macOS deployment (Jamf, Kandji, Mosyle)
Your SentriKat license is perpetual — the software continues to work indefinitely.
If your annual subscription (which covers updates and support) expires:
If your annual subscription (which covers updates and support) expires:
- You keep using the last installed version
- You won't receive new features, security patches, or technical support
- Your data and configuration are never affected
SentriKat scales from small teams to enterprise deployments with 10,000+ agents. Performance is tuned via environment variables — no code changes needed, just adjust and restart.
Deployment sizing guide:
For 10K+ agent deployments, run multiple SentriKat containers behind a load balancer and let your orchestrator (Docker Swarm, Kubernetes) scale replicas.
Deployment sizing guide:
- Small (<100 agents) — 4 Gunicorn workers, 2 background threads, 5 DB pool connections
- Medium (100–1K) — 8 workers, 4 threads, 10 DB connections
- Large (1K–5K) — 12 workers, 8 threads, 15 DB connections
- Enterprise (5K–10K+) — 16 workers, 16 threads, 20 DB connections
For 10K+ agent deployments, run multiple SentriKat containers behind a load balancer and let your orchestrator (Docker Swarm, Kubernetes) scale replicas.
Still have questions?