Skip to content

The 27 Sentry security checks Black Cat runs

Black Cat SSPM evaluates 27 security policies against your Sentry configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

highSSO Disabled

Enable SSO for the Sentry organization via a SAML2 or OAuth identity provider

mediumDefault Role Not Member

Set the default organization member role to "member" to enforce least privilege

mediumExcessive Admins

Reduce the number of admin-level members to the minimum required for operations

mediumDormant User

Remove or deactivate dormant member accounts that have not been active recently

mediumOld Pending Invite

Revoke stale pending invitations that have not been accepted within a reasonable timeframe

mediumInactive Admin

Remove or downgrade admin accounts that have been inactive for more than 90 days

lowExpired Invitation Not Removed

Clean up expired invitations to keep the member list accurate and reduce confusion

mediumEvents Member Admin Disabled

Enable event admin access for members so they can manage event visibility within their projects

mediumAlerts Member Write Enabled

Restrict alert rule creation and modification to admin or manager roles

mediumLong-Term Inactive Member

Remove members who have been inactive for over a year as they likely never actively used the account

mediumDeactivated Member Not Removed

Remove deactivated accounts that still retain organization membership to prevent unauthorized access

highOwner Role Review

Review owner-role accounts and demote to admin or member where full owner privileges are not needed

highPending Admin Invite

Revoke pending admin-level invitations that have not been accepted to prevent invite link misuse

mediumInactive Member 90 Days

Remove or downgrade regular member accounts inactive for more than 90 days

criticalDefault Role Elevated to Admin or Owner

Change the default organization role from admin or owner to member to prevent automatic privilege escalation

mediumExpired Admin Invite Not Cleaned Up

Remove expired admin-level invitations to keep the member list clean and reduce confusion

highAdmin Redundancy Missing

Add a second admin-level account to prevent lockout if the sole admin is unavailable

highVery Stale Pending Invite

Revoke invitations pending for more than 30 days as they represent a significant security risk

data leakage

mediumShared Issues Enabled

Disable public issue sharing to prevent unauthenticated access to error data

mediumEnhanced Privacy Disabled

Enable enhanced privacy mode to restrict personal data visibility to authorized members

mediumOpen Membership

Disable open membership so new users must be explicitly invited to join teams

mediumEvent Attachments Access

Restrict event attachments access to admin, manager, or owner roles only

lowDebug Files Access

Restrict debug file access to admin, manager, or owner roles to protect symbol files

mfa

highMember Without 2FA

Require all active members to enroll in two-factor authentication

criticalAdmin Without 2FA

Immediately enforce two-factor authentication on all admin-level accounts

privacy

mediumData Scrubber Disabled

Enable the data scrubber to automatically remove sensitive data from ingested events

mediumData Scrubber Defaults Disabled

Enable default data scrubber rules to apply standard PII removal across all projects

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial