Open Source Core

We Write the Rules. You Run the Scans.

Choose from 500+ production-ready rules, or let us build rules tailored to your organization. Either way, you skip the hard part. The SentriFlow engine is free. The expertise is what you're buying.

12 vendors • Cloud licensing • Offline support

Built for Enterprise Network Validation

Three core differentiators that set SentriFlow apart from traditional validation tools

Zero-Failure

Fault-Tolerant Parsing

Gracefully handles malformed configurations, incomplete files, and vendor-specific quirks without failing. Extract maximum value from imperfect data.

12 Vendors

Multi-Vendor Support

Native support for Cisco, Juniper, Palo Alto, Fortinet, Arista, Aruba, and 6 more vendors. One tool to validate your entire network estate.

Hybrid Ready

Cloud-Native Licensing

Seamless cloud activation with 24-hour offline grace period. Download offline packs for air-gapped environments when needed.

What's Free? What's Paid?

The Engine is Free Forever

Everything you need to scan and validate configurations. Rule packs give you production-ready rules maintained by experts.

Comparison of features included in the free open-source SentriFlow engine versus paid rule pack subscriptions
| Component | Free Forever | Rule Packs |
|---|---|---|
| Scanning Engine | Full, unlimited | Same engine |
| CLI & VS Code | Complete tooling | Same tooling |
| Example Rules | 3-4 per vendor | 250-500+ rules |
| Write Your Own | Unlimited | Plus maintained rules |
| Compliance Mapping | DIY | Pre-mapped CIS, PCI-DSS, NIST |
| Updates | N/A | Quarterly + CVE patches |

Free Forever Means Forever

The core engine, CLI, VS Code extension, and ability to write unlimited custom rules will always be free and open source. No catch, no trial period, no feature gates.

Rule Packs Save Months

Writing production-grade rules takes deep vendor knowledge and compliance expertise. Our rule packs give you 500+ rules maintained by experts for a fraction of the cost of building them yourself.

Time & Cost Analysis

Why Rule Packs?

You didn't become a network engineer to parse CIS benchmarks.

The Real Cost of DIY Rules

Time investment required to build production-ready validation rules

Cost comparison of building validation rules yourself (DIY) versus purchasing SentriFlow rule pack subscriptions
| Scenario | DIY Time | Consultant Cost | Rule Packs |
|---|---|---|---|
| Single Vendor (basic coverage) | 40-80 hours (1-2 weeks) | $6,000-24,000 @ $150-300/hr | Deploy in minutes |
| Multi-Vendor, 5 platforms (Cisco, Juniper, Arista, etc.) | 200-400 hours (5-10 weeks) | $30,000-120,000 @ $150-300/hr | $119/month (all vendors included) |
| Your Savings (multi-vendor scenario) | Months of work | $28,000+ | Instant deployment |

Time to Value

Start scanning immediately instead of spending weeks researching vendor syntax, compliance requirements, and edge cases.

Predictable Costs

Fixed monthly pricing instead of unpredictable consultant hours. Know exactly what you're paying before you commit.

Expert Maintenance

Rules updated quarterly with new CVE patches, vendor updates, and compliance changes. No ongoing research required.

Let us handle the rules so you can focus on securing your network.

Open Source

Built in the Open

The core of SentriFlow is 100% open source under Apache 2.0. Use it freely, inspect the code, contribute improvements, or build your own tooling on top.

Core Engine

@sentriflow/core
Apache 2.0

The heart of SentriFlow. A zero-dependency, high-performance parsing and validation engine that handles multi-vendor configurations with fault tolerance.

CLI Tool

@sentriflow/cli
Apache 2.0

Command-line interface for running validations, generating SARIF reports, and integrating with CI/CD pipelines. Supports JSON, YAML, and human-readable output.

VS Code Extension

sentriflow-vscode
Apache 2.0

Validate network configurations directly in VS Code with real-time diagnostics, vendor auto-detection, and rule management. Start validating configs immediately.

Join our community and help shape the future of network security validation

Extensibility

Create Your Own Rules

Build custom validation rules using TypeScript for complex logic or declarative JSON for simple patterns. Full IDE support, hot reload, and seamless integration.

Why Extensibility Matters

TypeScript Rules

Write powerful validation rules with full TypeScript support, IDE autocompletion, and type safety.

JSON Declarations

Define simple validation rules using declarative JSON format. No coding required for common patterns.

Community Sharing

Share and discover community-created rules through our open-source ecosystem on GitHub.

Hot Reload

Test your rules instantly with hot reload support. See validation results in real-time as you develop.

Pro Tip

Start with JSON rules for quick validations, then upgrade to TypeScript when you need complex logic like cross-section dependencies or dynamic checks.

Example Rules

Create a custom rule to enforce SSH timeout configuration

import { Rule, ConfigContext } from '@sentriflow/core';

export const sshTimeoutRule: Rule = {
  id: 'custom/ssh-timeout',
  name: 'SSH Session Timeout',
  severity: 'warning',

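  validate(ctx: ConfigContext) {
    // Locate the 'ip ssh' block and read its 'time-out' value (in seconds).
    const sshConfig = ctx.findBlock('ip ssh');
    const timeout = sshConfig?.get('time-out');
    const seconds = timeout ? parseInt(timeout, 10) : NaN;

    // Flag a missing, unparseable, or over-limit timeout.
    if (Number.isNaN(seconds) || seconds > 60) {
      return {
        message: 'SSH timeout should be 60 seconds or less',
        line: sshConfig?.line,
        fix: 'ip ssh time-out 60'
      };
    }
  }
};

Commercial Rule Packs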

Choose Your Coverage Level

From essential security rules to comprehensive framework coverage. All tiers include cloud licensing, CLI access, and VS Code extension.

Prices in AUD

Basic

Essential Security Rules

$35/month

or $350/year (save $70)

>250 rules
Up to 3 activations

Core security validation rules for small teams starting their configuration validation journey. Includes CLI and VS Code extension access.

  • >250 security validation rules
  • Common misconfiguration detection
  • CLI tool access
  • VS Code extension
  • Standard email support
  • Community documentation

Popular

Professional

Advanced Framework Coverage

$119/month

or $1190/year (save $238)

~500 rules
Up to 10 activations

Validation rules mapped to major security frameworks. Includes offline pack support for air-gapped environments.

  • All Basic features (+250 rules)
  • ~250 additional framework rules
  • Offline packs (30-day validity)
  • Priority email support
  • Basic validation reports
  • Feed selection portal

Framework Coverage

PCI DSS 4.0
NIST 800-53
CIS Benchmarks
SOC 2
ISO 27001

Full Access

Enterprise

Custom Validation Suite

Contact Sales

Custom pricing for your needs

Custom rules
Unlimited activations

All framework coverage plus custom rulepack development tailored to your organization. Dedicated support and annual offline packs for mission-critical deployments.

  • All Professional features & frameworks
  • Custom rulepack development
  • Organization-specific validation rules
  • Annual offline packs (365-day validity)
  • Custom integrations support
  • Technical assessment reports

Framework Coverage

PCI DSS 4.0
NIST 800-53
CIS Benchmarks
SOC 2
ISO 27001

Need Rules Tailored to Your Organization?

Enterprise custom development for rules that match your specific needs. This is real engineering work, not template filling.

  • Internal security policies specific to your company
  • Vendor configurations or platforms we don't yet cover
  • Organization-specific naming conventions and standards
  • Integration with your existing audit and CI/CD workflows

FAQ

Frequently Asked Questions

Common questions about validation, compliance, and how SentriFlow helps your organization.

The SentriFlow engine, CLI, and VS Code extension are free forever. You can write unlimited custom rules yourself. Rule packs save you months of work by providing 500+ production-ready rules written and maintained by experts. You're not paying for the engine — you're paying for deep vendor knowledge, compliance expertise, and ongoing maintenance. Think of it like buying a professionally-written cookbook instead of creating every recipe from scratch.

SentriFlow automates the technical validation of your network devices, which is a major part of the PCI-DSS requirements. We provide the evidence you need to show your auditor that your configurations are secure, saving you weeks of manual evidence gathering. Final certification is issued by your Qualified Security Assessor (QSA).

No. SentriFlow is a validation tool that helps you assess and document your configuration posture against industry frameworks. We provide technical control assessments and validation reports. Official compliance certification must come from accredited auditors or certification bodies.

Our Professional tier provides validation rules mapped to NIST 800-53, PCI-DSS 4.0, and CIS Benchmarks. Enterprise tier includes all framework coverage plus custom rulepack development tailored to your organization's specific policies and requirements.

Validation confirms your configurations meet technical requirements: correct settings, proper hardening, no misconfigurations. Compliance is a formal status granted by auditors after reviewing your entire security program. SentriFlow handles validation; compliance requires additional organizational controls, policies, and formal certification.

Multi-Vendor Support

12 Vendors, One Tool

Validate configurations across all major network vendors with a single, unified toolset. From enterprise switches to next-gen firewalls, we've got you covered.

Cisco

Enterprise routing, switching, and data center

IOS
IOS-XE
NX-OS

Juniper

Enterprise and service provider networks

JunOS

Aruba

Campus switching and wireless

AOS-CX
AOS-Switch
WLC

Palo Alto

Next-generation firewalls

PAN-OS

Arista

Cloud networking solutions

EOS

Fortinet

Security-driven networking

FortiOS

Extreme Networks

Enterprise and virtual switching

EXOS
VOSS

Huawei

Global network equipment

VRP

MikroTik

Cost-effective routing

RouterOS

Nokia

Service provider networks

SR OS

NVIDIA

Open network operating system

Cumulus Linux

VyOS

Open source network OS

VyOS
EdgeOS

Don't see your vendor? Request support on GitHub.

The core parser is open source — community contributions welcome!