Safeguard
Connectors directory

First-party connectors to every system in your stack.

The line-item directory of every connector Safeguard ships. Categorised by what they connect to — SCM, CI/CD, ticketing, comms, oncall, SIEM, identity, cloud, secret managers, registries — with the auth mechanism and the GA/Beta status of each one.

Looking for higher-level capability categories? See /integrations. For the cloud-and-SCM focused matrix, see /cloud-providers.

40+
First-party connectors, all signed
GA
Most connectors are GA, not beta-ware
OAuth + SCIM
Standard auth patterns, no custom shims
Audited
Every connector call is logged

Source code management

Pull repos, post PR comments, gate merges, and verify signed commits across every code host you use.

GitHub Enterprise Cloud

GA

Auth: GitHub App + OAuth

GitHub Enterprise Server

GA

Auth: GitHub App

GitLab SaaS

GA

Auth: OAuth + project token

GitLab Self-Managed

GA

Auth: OAuth + project token

Bitbucket Cloud

GA

Auth: OAuth

Bitbucket Data Center

GA

Auth: Personal access token

Azure DevOps

GA

Auth: OAuth + PAT

Gitea

Beta

Auth: Token

CI / CD and build

Receive build events, post status checks, and run policy gates at the right step in your pipeline.

GitHub Actions

GA

Auth: OIDC

GitLab CI

GA

Auth: OIDC

Jenkins

GA

Auth: Plugin + token

CircleCI

GA

Auth: Orb + OIDC

Buildkite

GA

Auth: OIDC

Azure Pipelines

GA

Auth: Service connection

Argo CD

GA

Auth: Sync hook + OIDC

Flux

Beta

Auth: GitOps hook

Spinnaker

Beta

Auth: Webhook

Ticketing and issue tracking

Open, update, and close tickets — with finding context as ticket metadata, not free-text in a description.

Jira Cloud

GA

Auth: OAuth 2.0

Jira Data Center

GA

Auth: PAT

Linear

GA

Auth: OAuth

ServiceNow

GA

Auth: OAuth + REST

Asana

GA

Auth: OAuth

GitHub Issues

GA

Auth: GitHub App

Shortcut

Beta

Auth: API token

Communication

Alerts, approvals, and triage workflows in the channels your team already inhabits.

Slack

GA

Auth: OAuth (workspace install)

Microsoft Teams

GA

Auth: Entra OAuth

Discord

Beta

Auth: Bot token

Email (SMTP / Postmark / SES)

GA

Auth: API key

Webhooks (generic)

GA

Auth: Signed HMAC

Oncall and incident response

Escalate stale critical findings up your existing oncall rotation. Pages happen in the system that already wakes people up.

PagerDuty

GA

Auth: OAuth + integration key

Opsgenie

GA

Auth: API key

Incident.io

GA

Auth: OAuth

Splunk On-Call

Beta

Auth: REST integration

SIEM and observability

Ship findings, audit events, and platform metrics into the SIEM and observability backends that already see your traffic.

Splunk

GA

Auth: HEC token

Datadog

GA

Auth: API key

Elastic SIEM

GA

Auth: API key

Sumo Logic

GA

Auth: HTTP source

Microsoft Sentinel

GA

Auth: Log Analytics

Chronicle

Beta

Auth: Service account

Grafana / Loki

GA

Auth: API key

Identity and access

Single sign-on plus user and group provisioning through the IdP your enterprise already runs.

Microsoft Entra ID

GA

Auth: OIDC + SCIM

Okta

GA

Auth: OIDC + SCIM

Google Workspace

GA

Auth: OIDC + SCIM

OneLogin

GA

Auth: OIDC + SCIM

JumpCloud

Beta

Auth: OIDC + SCIM

PingFederate

GA

Auth: SAML 2.0

Generic SAML 2.0

GA

Auth: SAML metadata

Cloud accounts

Read inventory, fetch SBOMs from registries, and gate IaC plans against the live state of your cloud accounts.

Amazon Web Services

GA

Auth: IAM role + STS

Microsoft Azure

GA

Auth: Workload identity

Google Cloud

GA

Auth: Workload identity federation

Oracle Cloud Infrastructure

Beta

Auth: OCI auth

DigitalOcean

Beta

Auth: API token

Cloudflare

GA

Auth: API token

Secret managers

Pull deployment-time secrets from the vault you already trust. No new secret to manage just to manage secrets.

HashiCorp Vault

GA

Auth: AppRole + JWT

AWS Secrets Manager

GA

Auth: IAM role

Azure Key Vault

GA

Auth: Workload identity

Google Secret Manager

GA

Auth: Workload identity federation

1Password Secrets Automation

Beta

Auth: Service token

Doppler

Beta

Auth: Service token

Container registries and artefact stores

Scan, sign, and pull from the registries that hold your build output. No mandatory rehosting.

Amazon ECR

GA

Auth: IAM role

Azure Container Registry

GA

Auth: Workload identity

Google Artifact Registry

GA

Auth: Workload identity federation

Docker Hub

GA

Auth: API token

JFrog Artifactory

GA

Auth: API token + OIDC

Sonatype Nexus

GA

Auth: User token

GitHub Packages

GA

Auth: GitHub App

Harbor

Beta

Auth: Robot account

Don't see yours?

Custom connectors fit into the same shape.

The connector contract is a typed manifest plus a signed runtime. Build one yourself, sponsor one with us, or browse community-submitted plugins in the plugin marketplace.

All connectors must pass the same security review — signing, scope checks, audit logging, fail-closed defaults.
A connector SDK in TypeScript and Go covers the common cases without you writing boilerplate.
Sponsorship path for must-have connectors: we'll build, certify, and maintain a connector against your roadmap.

Wire it up in an afternoon.

Walk through your connector list with us. Every connector you already need is in this directory; the ones that aren't are usually a week away.