Sentinel Dynamic is a cloud-based dynamic application security testing (DAST) platform originally from WhiteHat Security.
The platform is known for its hybrid approach combining automated scanning with human verification of findings.
After acquisitions by NTT and then Synopsys in 2022, the product is now called Black Duck Continuous Dynamic and remains actively maintained.
What is Sentinel Dynamic?
Sentinel Dynamic (now Black Duck Continuous Dynamic) represents a pioneering approach to web application security testing that combines automated vulnerability scanning with expert human verification.
Unlike purely automated DAST tools, the platform employs a team of security researchers who manually verify each finding before reporting it to customers, dramatically reducing false positives. According to the OWASP Testing Guide, human verification of automated scanner output is a recommended practice for reducing false positives in dynamic analysis.
The platform operates as a fully managed SaaS solution, requiring no hardware or software installation on the customer’s infrastructure.
Organizations can scan thousands of web applications simultaneously with continuous assessment capabilities that automatically detect and evaluate code changes.
Key Features
Human-Verified Results
The defining characteristic of Sentinel Dynamic was its Threat Research Center (TRC), where security experts verified every vulnerability finding before it reached customers.
This human-in-the-loop approach typically achieved near-zero false positive rates, allowing development teams to trust that reported issues were genuine security risks requiring attention.
Continuous Assessment
Rather than point-in-time scanning, Sentinel Dynamic provided continuous monitoring of web applications.
The platform automatically detected when applications were updated and initiated new assessments, ensuring security coverage kept pace with development velocity.
Scalable Cloud Architecture
The cloud-based architecture allowed organizations to assess websites of any size or complexity without worrying about infrastructure limitations.
The platform handled thousands of concurrent assessments, making it suitable for enterprises with large web application portfolios.
API and Integration Support
Sentinel Dynamic offered an open API for integration with SIEMs, issue tracking systems, WAFs, and other security infrastructure.
This enabled organizations to incorporate DAST findings into existing security workflows and automate remediation processes.
Acquisition History
WhiteHat Security was acquired by NTT in 2019 and rebranded as NTT Application Security.
In 2022, Synopsys acquired WhiteHat Security, integrating it into their software integrity portfolio.
Following the 2024 divestiture, the product is now part of Black Duck Software and has been rebranded as Black Duck Continuous Dynamic.
The product remains actively maintained and continues to offer production-safe DAST with human verification.
Current Product Name
If you are searching for this product, note that it may be listed under different names:
- WhiteHat Sentinel Dynamic (original name)
- NTT Sentinel Dynamic (2019-2022)
- WhiteHat Dynamic by Synopsys (2022-2024)
- Black Duck Continuous Dynamic (current name)
CI/CD Integration Examples
Sentinel Dynamic / Black Duck Continuous Dynamic integrates with CI/CD pipelines through its REST API:
GitHub Actions
name: Black Duck Dynamic Scan
on:
deployment:
types: [created]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- name: Check Scan Status via WhiteHat Sentinel API
run: |
# WhiteHat Sentinel API (API key authentication)
curl -X GET "https://sentinel.whitehatsec.com/api/site/${{ vars.SITE_ID }}" \
-H "key: ${{ secrets.WHITEHAT_API_KEY }}"
GitLab CI
blackduck-scan:
stage: security
script:
- |
# WhiteHat Sentinel API (API key authentication)
curl -X GET "https://sentinel.whitehatsec.com/api/site/$SITE_ID" \
-H "key: $WHITEHAT_API_KEY"
only:
- main
Industry Significance
Sentinel Dynamic played an important role in the evolution of DAST tooling by demonstrating the value of human verification in vulnerability assessment.
The platform’s emphasis on accuracy over volume influenced the broader market, with many modern DAST tools now incorporating proof-based or verification features to reduce false positives. Tools like Invicti and Burp Suite have since adopted their own proof-based scanning approaches.
The multiple acquisitions reflect broader consolidation in the application security market, with organizations increasingly seeking unified platforms that combine multiple security testing capabilities.
When to Use Black Duck Continuous Dynamic
Organizations should consider Black Duck Continuous Dynamic (formerly Sentinel Dynamic) when they need:
- Production-safe scanning: The platform is designed to safely scan production environments
- Human-verified results: Expert verification dramatically reduces false positives
- Continuous assessment: Automated detection of application changes triggers new assessments
- Low false positive rates: The combination of AI and human verification ensures accuracy
- Managed services: Fully managed SaaS requiring no infrastructure investment
The product continues to be a strong choice for enterprises requiring high-accuracy DAST with minimal operational overhead. For a broader comparison of dynamic testing approaches, see our guide on SAST vs DAST vs IAST.
Note: WhiteHat Security was acquired by NTT, then Synopsys in 2022. Now rebranded as Black Duck Continuous Dynamic and actively maintained.
