sentry.io is deployed on Google Cloud Platform’s Virtual Private Cloud. We use Firewall Rules (https://cloud.google.com/vpc/docs/firewalls) to control access to our infrastructure. See cloud.google.com/security and https://cloud.google.com/security/overview/whitepaper for more information.
Sentry is open source software and code can be viewed/audited at github.com/getsentry/sentry. User submitted/generated code and content is not executed on Sentry.
Sentry does not run anti-virus and relies on intrusion prevention/detection and other preventative measures (e.g. host-level intrusions, scanning for open ports, authentication logs) to limit exposure and restrict/track access, as well as regular penetration testing and vulnerability scanning to detect any software/dependency vulnerabilities.