Disclaimer & Terms of Use
Last updated: March 2026 · Please read before using SentinelOSS.
For informational purposes only
SentinelOSS is a free, best-effort security tool intended to help developers identify potential vulnerabilities and license risks. The results it produces are informational only.
SentinelOSS is not a substitute for professional security audits, penetration testing, or legal counsel. Do not rely solely on SentinelOSS results to make security or business decisions.
Scan results may be incomplete
Vulnerability data is sourced from third-party databases (OSV.dev, GitHub Advisory DB, NVD). These databases are comprehensive but not exhaustive: zero-day vulnerabilities, privately reported issues, and recently disclosed CVEs may not appear.
SentinelOSS only scans the dependencies it can detect (npm, PyPI, Debian/Ubuntu/RHEL/Alpine packages, container SBOMs). Vulnerabilities in native code, proprietary libraries, or unsupported ecosystems will not be found.
False positives and false negatives are possible. Always verify critical findings independently before taking action.
Legal / IP audit is not legal advice
The Legal / IP scan feature checks dependency licenses and flags potential issues (copyleft licenses, missing LICENSE files, contributor counts). This is an automated, best-effort analysis.
License classification is based on SPDX identifiers and registry metadata, which may be incorrect, outdated, or ambiguous. The legal implications of any specific license in your jurisdiction require review by a qualified attorney.
Do not use SentinelOSS Legal / IP scan results as the sole basis for M&A due diligence, IP transfer agreements, or legal compliance decisions. Always engage qualified legal counsel.
AI-assisted development
SentinelOSS was built with significant assistance from Claude (Anthropic's AI) and other AI tools. While the code has been reviewed and tested, AI-generated code may contain bugs, edge cases, or security issues.
We make no warranty, express or implied, about the correctness, reliability, or fitness for purpose of this tool.
Data and privacy
SentinelOSS does not collect, store, or transmit your scan results, project data, or personal information to any server. All project history is stored locally in your browser's localStorage.
Files you upload for scanning are processed in memory only and are never stored on any server.
GitHub Personal Access Tokens you enter are sent directly to the scan worker for the duration of the scan and are never logged, stored, or shared.
We use no analytics, cookies, or tracking beyond an anonymous visit counter.
Third-party services
SentinelOSS queries external APIs including OSV.dev, GitHub Advisory DB, NVD (NIST), npm registry, and PyPI. The accuracy and availability of results depend on these services.
These services have their own terms of use and privacy policies. SentinelOSS is not affiliated with or endorsed by any of them.
The scan worker runs on Render.com's free tier. Scans may occasionally fail or time out due to infrastructure limitations.
No warranty
SentinelOSS is provided "as is" without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.
In no event shall the developers of SentinelOSS be liable for any claim, damages, or other liability arising from the use of this tool.
Questions or feedback?