Hugging Face Integration

Safeguard for Hugging Face

Connect Safeguard’s MCP server to Hugging Face by Hugging Face and ask about your software supply chain security in natural language. Query vulnerabilities, SBOMs, packages, licenses, and compliance data — and let Hugging Face reason over your real security posture.

Add this connector URL

https://mcp.safeguard.sh/mcp/huggingface

This is Safeguard’s MCP server endpoint purpose-built for Hugging Face. Add it as a custom connector, then authorize with OAuth or an API key.

Connector: Safeguard Security
70+ security tools
OAuth 2.0 or API key

Capabilities

What you can do in Hugging Face.

Once the Safeguard Security connector is enabled, Hugging Face can call 35+ security tools and read MCP resources and prompts on your behalf.

Query vulnerabilities & findings

Ask about CVEs, severities, and open findings across your projects in plain language — no query syntax required.

Explore SBOMs, packages & licenses

Inspect components, package versions, transitive dependencies, and license obligations pulled straight from your SBOMs.

AI-powered remediation plans

Generate concrete fix plans for npm, pip, Maven, Go, and Cargo projects — upgrade paths, breaking-change notes, and all.

Compare & analyze SBOMs

Diff and analyze SBOMs in both CycloneDX and SPDX formats to see what changed between builds and releases.

SCM integrations

Reach repositories across GitHub, GitLab, Bitbucket, and Azure DevOps to scope security questions to real code.

Risk scoring & compliance reporting

Surface risk scores and compliance posture, then turn the answers into reports your stakeholders can read.

Policy-gate enforcement

Evaluate policy gates for deployment readiness and understand exactly why a build would pass or be blocked.

Multi-tenant for enterprise

Built multi-tenant from the ground up, so large organizations can keep teams and data cleanly isolated.

Connect Hugging Face

Enable it in a few steps.

1. Create your Safeguard account

Register an account at app.safeguard.sh — or sign in if you already have one.

2. In Hugging Face, add a custom MCP connector

Open Hugging Face and add a custom MCP connector / server.

3. Enter the connector URL

Enter the URL https://mcp.safeguard.sh/mcp/huggingface and name it “Safeguard Security”.

4. Authenticate

Sign in to Safeguard and click Approve when Hugging Face prompts you.

5. Done, ask away

Safeguard’s 70+ security tools are now available to Hugging Face. Start asking questions.

Prefer a CLI-based MCP client? Drop this into your MCP client config using mcp-remote.

mcp.config.json
{
  "mcpServers": {
    "safeguard": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.safeguard.sh/mcp/huggingface"],
      "env": { "SAFEGUARD_API_KEY": "<your-api-key>" }
    }
  }
}

Replace <your-api-key> with a key from your Safeguard settings.
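The config above places the API key directly in a file that often lives inside a project checkout. As an added example (not Safeguard's own tooling or documentation), the shell snippet below writes the same mcp-remote config with the key taken from the SAFEGUARD_API_KEY environment variable, refuses to write anything when the variable is unset, restricts the resulting file to the current user, and can flag a config that still carries the <your-api-key> placeholder. The function names, the output path and the variable name are this example's assumptions; the server URL is the one from this page.

```shell
#!/bin/sh
# Added example, not part of Safeguard's docs: build the mcp-remote client
# config for the Safeguard MCP server without typing the API key into the file.
# Assumed: SAFEGUARD_API_KEY is exported in the environment; the output path is
# whatever the caller passes. The URL is the connector URL from the page.

SAFEGUARD_MCP_URL="https://mcp.safeguard.sh/mcp/huggingface"

# write_safeguard_mcp_config OUTFILE
# Writes the JSON config to OUTFILE, mode 0600. Returns 1 and writes nothing
# when SAFEGUARD_API_KEY is empty or would break the JSON string literal.
write_safeguard_mcp_config() {
  out="$1"
  if [ -z "${SAFEGUARD_API_KEY:-}" ]; then
    echo "SAFEGUARD_API_KEY is not set; refusing to write $out" >&2
    return 1
  fi
  # A quote or backslash in the key would corrupt the JSON; reject instead of escaping.
  case "$SAFEGUARD_API_KEY" in
    *'"'*|*'\'*)
      echo "SAFEGUARD_API_KEY contains a quote or backslash; refusing" >&2
      return 1 ;;
  esac
  # Subshell so the restrictive umask does not leak into the caller's shell.
  (
    umask 077 && cat > "$out" <<EOF
{
  "mcpServers": {
    "safeguard": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "$SAFEGUARD_MCP_URL"],
      "env": { "SAFEGUARD_API_KEY": "$SAFEGUARD_API_KEY" }
    }
  }
}
EOF
  )
}

# config_has_placeholder FILE
# Succeeds (exit 0) when FILE still contains the literal <your-api-key>
# placeholder, i.e. the key was never filled in.
config_has_placeholder() {
  grep -q '<your-api-key>' "$1"
}
```

Run it as `SAFEGUARD_API_KEY=... sh -c '. ./this_file.sh && write_safeguard_mcp_config ~/.config/mcp.config.json'`; the generated file then matches the snippet above, but the key never appears in shell history or in a file tracked by version control.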

Authentication is simple: all you need is a Safeguard account. Create one at app.safeguard.sh if you don’t have one, then click Approve when Hugging Face asks. Prefer API keys? Generate one on your API keys page.

Try these

Example prompts.

List my security projects
Find critical vulnerabilities across my projects
Show me all SBOMs
Generate a remediation plan for my npm project
Which packages violate my license policy?

Bring your supply chain into Hugging Face.

Add the Safeguard Security connector, authorize with OAuth or an API key, and start asking Hugging Face about your vulnerabilities, SBOMs, and compliance in seconds.