Sentinel – Open-source MCP security scanner (config, probe, container)

Name: Sentinel – Open-source MCP security scanner (config, probe, container)
Availability: InStock
Author: Siri_D

by Siri_D·Mar 9, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●SolidSolve My ProblemNiche Gem

26 MCP-specific checks with GitHub Actions + SARIF, but confined to emerging protocol ecosystem.

Strengths

•Modular architecture covers static config, live probes, and container inspection without reinventing wheels.
•GitHub Actions + SARIF integration means zero friction to existing CI pipelines and security dashboards.
•Clear rule documentation with severity ratings and remediation guidance reduces triage overhead.

Weaknesses

•MCP ecosystem is still nascent; audience narrows to AI platform builders and agent deployers, not broad dev ops teams.
•No evidence of real-world adoption or false-positive tuning beyond Helixar's own platform experience.

Post Description

sentinel is an open-source CLI + GitHub Action that scans MCP server configurations, live endpoints, and Docker containers for security misconfigurations. It runs 26 detection rules across 3 modules CFG (static config analysis), PRB (live probe), CTR (container inspection) — and outputs in terminal, JSON, SARIF, or HTML. It grew out of our work building Helixar, an AI-native endpoint and API security platform. We kept finding the same MCP misconfigs (no auth, wildcard CORS, plaintext secrets) and wanted a lightweight, composable scanner that CI pipelines could actually use.