Extend Safeguard. Community plugins. Signed, reviewed, sandboxed.
A marketplace of third-party scanners, custom enrichments, and workflow integrations built on the Safeguard plugin SDK. Every entry is signed, security-reviewed, scope-declared, and sandboxed. Paid plugins share revenue with the author.
A market, not a wild west.
Plugins extend the platform — but on a contract. Signing, scopes, sandbox, audit, and a security review on every release. The marketplace is open. The bar is real.
Browse the marketplace
Filter by category — scanners, enrichments, workflow integrations, dashboards. Each plugin lists what it does, what scopes it needs, the maintainer, the review status, and an install count.
Submit a plugin
Fork the plugin starter, build against the typed SDK, run the local test harness, and submit a manifest. The review queue is public and the SLA on first feedback is one business week.
Signing requirements
Plugins must be signed with a Sigstore key bound to the maintainer identity. Unsigned bundles fail to install. Re-signed updates flow through the same chain; tampered releases are visible in the public transparency log.
Security review
Every plugin goes through a manual security review before listing. We read the source, run it through the same scanners we sell, and document the capability scopes the plugin can use. The review report is published with the listing.
Revenue share for authors
Paid plugins earn the author the majority share of the listed subscription price. Free plugins earn the author no revenue, but they do earn maintainer recognition, including a badge on their author profile and on every release.
Install, configure, audit
A tenant admin installs a plugin, scopes its permissions, and configures it through the same RBAC surface as a first-party feature. Every plugin call is logged with the plugin identity, the scope, and the result.
From listing to audit log.
Browse and pick
Use category filters or keyword search to find the plugin you want. Read the security review, the changelog, and the list of declared scopes before installing.
Admin install
The tenant admin installs the plugin. The platform displays the requested scopes (read SBOMs, post webhooks, manage findings), and the admin grants only what's needed.
Configure with RBAC
Configure which projects, products, and user groups the plugin applies to. Plugins respect the same RBAC as the rest of the platform; no shadow access.
Run with audit
The plugin runs in a sandboxed worker with its declared capabilities only. Every call out of the sandbox lands in the audit log with the plugin identity attached.
Update or remove
Updates require a fresh signature check and surface the diff in declared scopes. Removal revokes, in a single transaction, every artefact the plugin created.
Build it, get paid for it.
Paid plugins earn the author the majority share of the listed subscription. Free plugins earn the author maintainer recognition — and a fast lane on future reviews.
Extend the platform, not the attack surface.
Browse the marketplace, install with scopes, and read the review report before you trust a plugin with tenant data.