Wherever your code lives, wherever your images live, wherever your workloads run — Safeguard plugs in. SCM connectors for every major hosted and self-hosted Git platform, container registry support across every cloud, and deployment shapes from shared cloud to sovereign air-gapped.
| Provider | Authentication | Status |
|---|---|---|
| GitHub | OAuth2 / PAT | GA |
| GitLab | PAT (Bearer) | GA |
| Bitbucket | App Password | GA |
| Azure DevOps | HTTP Basic (PAT) | GA |
| Oracle DevOps | OCI API Key | GA |
| Generic Git (any Git-compatible server) | Token / SSH | GA |
| Gitea (self-hosted) | PAT or username/password | Roadmap |
| AWS CodeCommit | AWS credentials | Roadmap |
| Registry | Authentication | Status |
|---|---|---|
| Docker Hub | JWT (username/password) | GA |
| AWS ECR (Elastic Container Registry) | AWS SDK (Access Key + Secret) | GA |
| Azure ACR (Container Registry) | Basic / Service Principal | GA |
| GCP GCR (Container Registry) | Service Account JSON | GA |
| Oracle OCIR (Cloud Infrastructure Registry) | Tenancy + Auth Token | GA |
| Harbor (open-source registry) | Basic / Robot tokens | GA |
| Generic OCI-compatible registry | Basic / Bearer | GA |
| Quay.io / Red Hat Quay | Robot accounts / OAuth2 | Beta |
| JFrog Artifactory | API Key / username:password | Beta |
| Sonatype Nexus Repository | Username/password or token | Beta |
| GitHub Container Registry (ghcr.io) | GitHub PAT | Beta |
| GitLab Container Registry | GitLab PAT / Deploy Token | Beta |
| Google Artifact Registry (GCP AR) | Service Account JSON | Beta |
Services: ECR, ECS, Lambda, EKS, S3, IAM, CodeCommit, Secrets Manager
Deployment: Shared cloud · Dedicated cluster · VPC-isolated
Services: ACR, AKS, Azure Functions, Azure DevOps, Key Vault, Entra ID
Deployment: Shared cloud · Dedicated cluster · VPC-isolated
Services: GCR, GAR, GKE, Cloud Run, Cloud Build, Secret Manager, Workload Identity
Deployment: Shared cloud · Dedicated cluster · VPC-isolated
Services: OCIR, OKE, OCI DevOps, OCI Vault, Identity & Access Management
Deployment: Dedicated cluster · VPC-isolated · Sovereign
Services: Compute, GPU, Storage, Networking — India data-residency
Deployment: Dedicated cluster · VPC-isolated · Sovereign
Services: ICR, IKS, Code Engine, Secrets Manager, Cloud IAM
Deployment: Dedicated cluster · VPC-isolated
Services: Container Registry, DOKS, Spaces, App Platform
Deployment: Shared cloud · Dedicated cluster
Services: Any CNCF-conformant K8s + OCI registry of your choice
Deployment: Dedicated cluster · VPC-isolated · Sovereign · Air-gapped
Services: TKG, Harbor, vSphere with Tanzu, Tanzu Application Platform
Deployment: Dedicated · VPC-isolated · Sovereign · Air-gapped
Services: Magnum, Swift, Heat, Keystone
Deployment: Dedicated · Sovereign · Air-gapped
Services: K8s / Nomad / Docker Swarm with OCI registry of your choice
Deployment: Sovereign · Air-gapped
Services: Per-country sovereign cloud providers (NCA-aligned KSA, Bhasai/MeghRaj India, Gaia-X EU)
Deployment: Sovereign · Air-gapped
Recommendations based on data residency, regulator alignment, sovereign requirements, and observed customer patterns. Safeguard runs on whichever you pick.
| Region | Preferred (primary) | Alternate options | Sovereign / local |
|---|---|---|---|
| North America (US / Canada) | AWS (us-east-1, us-west-2) | Azure East US 2, GCP us-central1 | AWS GovCloud · Azure Gov · GCP for Government |
| European Union | AWS (eu-west-1 Dublin, eu-central-1 Frankfurt) | Azure West Europe, GCP europe-west3 | OVHcloud · Scaleway · STACKIT · T-Systems · S3NS (FR) |
| United Kingdom | AWS London (eu-west-2) | Azure UK South, GCP europe-west2 | UKCloud · Crown Hosting |
| India | AWS Mumbai (ap-south-1) | Azure Pune / Chennai, GCP Mumbai | MeghRaj / NIC · MeitY-empanelled providers · CtrlS · NxtGen · Yotta |
| Middle East — KSA | Oracle Jeddah · AWS Bahrain (me-south-1) | Azure Saudi (preview), GCP Doha (me-central1) | NCA-licensed local providers · STC Cloud · stc-pay infra |
| Middle East — UAE | Azure UAE North · AWS UAE (me-central-1) | Oracle Abu Dhabi, GCP Doha | G42 · Khazna · Mubadala |
| Middle East — other GCC | AWS Bahrain · Azure Qatar Central | Oracle Jeddah / Dubai | Local NCA / NIA / CITC-licensed providers |
| Australia & NZ | AWS Sydney (ap-southeast-2) | Azure Australia East, GCP australia-southeast1 | Vault Cloud · AUCloud · Sliced Tech |
| APAC — Singapore / SEA | AWS Singapore (ap-southeast-1) | Azure Southeast Asia, GCP asia-southeast1 | ST Engineering · Singtel · IM8-aligned providers |
| APAC — Japan | AWS Tokyo (ap-northeast-1) | Azure Japan East, GCP asia-northeast1 | KDDI · NTT Com · Fujitsu Cloud |
| APAC — Korea | AWS Seoul (ap-northeast-2) | Azure Korea Central, GCP asia-northeast3 | KT Cloud · Naver Cloud · NHN Cloud |
| Latin America | AWS São Paulo (sa-east-1) | Azure Brazil South, GCP southamerica-east1 | Locaweb · Ascenty (regional carriers) |
| Africa | AWS Cape Town (af-south-1) | Azure South Africa North, GCP johannesburg | Liquid C2 · Teraco · State Information Technology Agency (SITA, ZA) |
"Preferred" reflects customer-success patterns and data-residency optimisation — not a vendor mandate. Safeguard remains cloud-agnostic; you choose, we run there. Sovereign tier always runs on customer-controlled infrastructure.
SCM: first-class connector with OAuth/PAT setup, webhook auto-config, repo discovery, branch policy, and PR-comment write-back. "GA" means production-ready; "Roadmap" means planned with a published quarter.
Container registry: authenticated pull + manifest read + tag enumeration + SBOM ingest. "GA" means in production; "Beta" means functional but under hardening.
Cloud: the platform runs on or against any of the listed clouds. Deployment shape (shared / dedicated / VPC-isolated / sovereign / air-gapped) determines which Griffin variant is available.
Missing your cloud or SCM? The Generic Git + Generic OCI connectors cover most edge cases. For anything else, talk to the integrations team — first-class connectors are a 4–8 week add given the existing framework.
Talk to the integrations team — integrations@safeguard.sh.