Privacy Policy
Last updated: April 2026
1. How the connection works
SentinelOSS connects to your GitHub repository using a webhook: not OAuth, not a GitHub App, not account login. A webhook means GitHub sends a small push event notification to SentinelOSS when you push code. You do not grant SentinelOSS any login access, write permissions, or account-level visibility. You add the webhook URL to a specific repository in GitHub Settings. That is the entire connection.
2. What we read per push
When you push a commit, SentinelOSS fetches the following, and only the following:
| What | Why | Stored? |
|---|---|---|
| Commit SHA, repo name, branch, pusher name | Identify the scan | Metadata only |
| package-lock.json (top-level only) | CVE check via OSV.dev | Discarded after scan |
| Commit diff (added/removed lines) | Guardian AI threat analysis | Discarded after scan |
| .github/workflows/*.yml files | Supply chain risk patterns | Discarded after scan |
| HTTP response headers from your domain | SSL grade + security headers | Not stored |
Nothing else is read. SentinelOSS does not access source files, README files, private branches, issues, pull requests, secrets, environment files, or any file not listed above.
3. What we store
SentinelOSS stores scan results only, never source code:
- CVE counts (critical / high / medium / low)
- SSL grade (A+, B, C, F, etc.)
- Supply chain risk level (CLEAN through CRITICAL)
- Security headers score and grade
- License risk summary (counts only)
- Guardian risk level and finding descriptions (no code snippets)
- Commit SHA (7 chars), branch name, pusher username
- Scan timestamp
Results are stored in your organisation's private database row. No other organisation can see your results.
4. The AI analysis (Guardian)
⚠️ Third-party disclosure
Guardian sends the commit diff to Anthropic's Claude API for security threat detection. This is the only third-party service that receives any content from your code.
- Anthropic does not train on API data by default; see Anthropic's Privacy Policy
- Only added lines from the diff are sent, not full files and not the full repository
- The diff is truncated to 300 lines maximum before sending
- The AI result (a risk assessment) is stored, not the diff itself
5. What we never do
- Never clone your repository
- Never store source code
- Never read files outside the commit diff, package-lock.json, and workflow files
- Never access private repositories without a GitHub PAT you explicitly provide
- Never sell or share your data with advertisers or data brokers
- Never read other branches, PRs, issues, or GitHub settings
- Never have write access to your repository
6. Webhook security
Every incoming webhook is verified using HMAC-SHA256 signature verification, the same standard GitHub recommends. Your webhook secret never leaves your control. Only genuine GitHub push events can trigger a scan. Forged or replayed requests are rejected with HTTP 401. You can revoke the webhook from GitHub Settings at any time in one click; this immediately stops all scanning for that repository.
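A receiver-side check of the kind described above, written here as an added example and not SentinelOSS's own code: it recomputes GitHub's `X-Hub-Signature-256` over the raw request body, compares it in constant time, accepts only `push` events, and treats a repeated `X-GitHub-Delivery` id as a replay. The delivery-id bookkeeping is this example's assumption about how replays are detected, and the secret and payload are constructed.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple


def compute_signature(secret: bytes, body: bytes) -> str:
    """GitHub's X-Hub-Signature-256 value: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def signature_valid(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Constant-time comparison; a missing or malformed header fails closed."""
    if not header or not header.startswith("sha256="):
        return False
    expected = compute_signature(secret, body)
    # Compare as bytes so a non-ASCII header cannot raise instead of failing.
    return hmac.compare_digest(expected.encode(), header.encode())


class WebhookGate:
    """Decides the HTTP status a webhook receiver should answer with.

    Assumption of this example: GitHub sends a unique X-GitHub-Delivery id per
    delivery, so a valid signature arriving with an id already seen is a replay.
    """

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._seen_deliveries = set()

    def check(self, headers: Dict[str, str], body: bytes) -> Tuple[int, str]:
        if not signature_valid(self._secret, body, headers.get("X-Hub-Signature-256")):
            return 401, "bad or missing signature"          # forged or tampered
        if headers.get("X-GitHub-Event") != "push":
            return 204, "ignored event"                     # only pushes trigger a scan
        delivery = headers.get("X-GitHub-Delivery", "")
        if not delivery or delivery in self._seen_deliveries:
            return 401, "replayed or unidentified delivery"
        self._seen_deliveries.add(delivery)
        return 202, "scan queued"


if __name__ == "__main__":
    # Constructed sample: a push payload signed with a constructed secret.
    secret = b"constructed-webhook-secret"
    body = b'{"ref":"refs/heads/main","after":"0123456789abcdef"}'
    headers = {"X-Hub-Signature-256": compute_signature(secret, body),
               "X-GitHub-Event": "push", "X-GitHub-Delivery": "delivery-1"}
    gate = WebhookGate(secret)
    print(gate.check(headers, body))        # first delivery: scan queued
    print(gate.check(headers, body))        # same delivery id again: rejected as replay
```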
7. Your controls
| Control | How |
|---|---|
| Which repos are monitored | You choose, per repo, not account-wide |
| Revoke access | Delete the webhook in GitHub Settings; takes effect instantly |
| Delete your data | Delete your SentinelOSS account from the dashboard |
| Disable AI analysis | Contact us; all other scans continue running |
| Notification channels | Configure in the Automation page (Slack, Teams, Telegram) |
8. Contact
Questions about your data or this policy? Open an issue on our GitHub repository or contact us via the SentinelOSS dashboard.