Most security tools flood you with alerts. Celvex Sentry proves which ones are real by chaining them into working attacks — the same way a human adversary would move through your system. A Temporal-orchestrated wave pipeline drives 320+ family-scanner tests through scope-bound durable workflows, dispatches 60+ exploit chains across 9 finding families, and ships every result as a Proof Capsule with a one-command replay.sh your team can execute themselves. The catalog isn't static: every night, our researchers and AI sleuths mine fresh CVEs, patch diffs, and real-world breach reports for new scenarios — so coverage grows the same way attacker tradecraft does.
Each team has one job and does it well. Together they cover every angle — offense, defense, governance, compliance, infrastructure, supply chain — so nothing falls between the seams the way it does with one-purpose scanners. Unfamiliar acronyms? See the plain-English glossary.
Offensive: web, API, LLM, injection, exploit chains. Safely attacks like a real adversary would — database injection (SQLi), cross-site scripting (XSS), authentication bypass, server takeover (RCE), request forgery (SSRF), plus every entry on the CISA KEV list.
IR + monitoring + detection + STIX + evasion. Runs a real attack and checks whether your security logbook (SIEM) actually caught it. Maps to the MITRE ATT&CK framework so your board sees coverage in a language they already know.
Compliance: PCI, NIST, HIPAA, DORA, NIS2. Maps every finding to the framework your auditor will cite — PCI-DSS, HIPAA, SOC 2, ISO 27001, CIS benchmarks, NIST CSF.
TLS, AWS, K8s, GCP, Azure, infra. Inspects the underlying plumbing: encryption (TLS), naming (DNS), cloud permissions (IAM) across AWS / Azure / Google Cloud, Kubernetes clusters, edge networks (CDN).
EDR, SIEM, WAF, defender stack. Proves your bouncers actually do their job — web-firewall (WAF) rules, endpoint guard (EDR) response, alerting thresholds, all under simulated attack, not on paper.
Supply chain, SBOM, OSS, RAG, packages. Reads your software's ingredient list (SBOM): third-party dependencies, build-pipeline safety, container images, AI/ML model provenance.
Governance, access, training, vendor risk. Audits the policies, process, and oversight behind your technology: who can approve what, access-review cadence, vendor-management discipline, zero-trust readiness.
A traditional scanner files four "informational" tickets and moves on. Celvex Sentry delivers one proven-exploitable chain — the exact sequence an attacker would run, mapped to one of 9 finding families, shipped as a Proof Capsule with a runnable replay.sh. Here's a real example we've flagged in the wild:
Inside our scoped sandbox, the chain engine confirms the takeover is technically possible. Against your own assets we only verify the possibility — we never actually claim the subdomain.
/auth/config.json: The front-end site was deployed with an admin-scope access key baked into a publicly-served config file. That key alone unlocks the back-end.
/admin/debug: The debug endpoint exposes a remote-login key (SSH) intended for internal automation. The corresponding server is reachable from the public internet.
A reverse shell spawned as www-data, the whoami command returned successfully, then exited cleanly. The full working demo (proof-of-concept) ships attached to the finding. No customer systems were touched beyond read-only confirmation.
Time from scan start to confirmed server takeover: 18 seconds, fully automated. A scanner without chain logic would have filed "CNAME dangling — Low severity" and moved on. That's the gap Celvex Sentry closes.
Celvex Sentry is the adaptive brain that sits between the seven scanner teams and your dashboard. It runs on Temporal-orchestrated durable workflows so every scan is resumable, scope-bound, and auditable end-to-end. Four things set it apart from code-reading tools (SAST), surface probers (DAST), perimeter bouncers (WAF), and static rule-runners:
When a test proves exploitable, Celvex Sentry automatically dispatches the next finding wave. No human triage, no waiting-room queue. If step one proves RCE-adjacent, step two is already running. 60+ chains across 9 finding families.
Every confirmed finding ships as a Proof Capsule: scope-bound inputs, a deterministic transcript, and a one-command replay.sh your team executes themselves. Stop debating findings — re-run them.
Six signals decide which of the 320+ family-scanner tests run: government priority list (CISA KEV), your tech stack, your scan history, known-good patterns across customers, your plan baseline, and knowledge-graph relevance. Result: zero wasted "SKIPPED" or "ERROR" lines in your report.
Open criticals compress your re-scan schedule by up to 50%. Clean scans stretch it back out. You never miss a fast-moving window, and you never pay for scans you don't need.
Every plan runs the same 5,800+ deep-inspection catalog — and it grows every night as we mine fresh CVEs, patches, and real-world breach reports for new scenarios. Plans differ in how often scans run and how fast open criticals get re-checked.
| Plan | Full scan | Critical re-check | What you see |
|---|---|---|---|
| Free Exposure Check | Single scan | – | One-shot report · live dashboard · PDF |
| Sentinel | Every 7 days | Weekly | Weekly report · basic dashboard · top findings · Slack/Linear/GitHub integrations (Q2 2026) |
| Fortress | Every 1 day | Daily + hourly recon diffs | Daily report · AI knowledgebase · hardening chain-of-commands · dedicated researcher channel · v1 integrations included · Jira/Teams/ServiceNow as Enterprise add-ons |
Pen-testers hand you a PDF once a year; Celvex Sentry runs every attack they would, every week, and proves the ones that still work — with a fix attached. Use pen-tests for the annual signed attestation your regulator asks for; use Celvex Sentry for the 51 weeks in between.
| Dimension | Traditional pen test | Celvex Sentry |
|---|---|---|
| Cost | Five-figure engagement fee, paid up front | Sentinel or Fortress — pricing on request |
| Frequency | Annual or quarterly | Daily or weekly (by plan) |
| Coverage | 200–400 manual vectors (time-bound) | 5,800+ deep inspections with adaptive chaining; new scenarios & harnesses added every night |
| Report format | PDF only, dated on delivery | PDF for the auditor and a live dashboard with API, working demos, re-runnable on demand |
| Follow-up | Pay again to re-verify fixes | Included: auto re-checks on cadence |
| Regulatory | Static snapshot (e.g., "Q3 2025") | Continuous posture for PCI-DSS, SOC 2, HIPAA |
"replay.sh. You can re-run it yourself. You should."
The free Exposure Check uses the same Offensive Simulation, Cloud & Infrastructure, and Supply Chain Integrity logic described above. Or skip the queue — book 20 minutes with a researcher and we'll walk a sample report with you.