A browser extension for security operators and engineers. Hover over a CVE on an advisory page and see your tenant's exposure. Quick-search your SBOM portfolio without leaving the tab. Jump from a Jira ticket to the live finding. All bound to your tenant, all auditable, all token-scoped.
Security work happens on the same handful of pages — advisory feeds, GitHub diffs, Jira tickets. The extension meets that work where it already lives.
On NVD, GitHub, OSV, or vendor advisory pages, the extension overlays a small badge that shows whether your tenant is exposed to the CVE. One click expands into the project list, reachability verdict, and SLA clock.
Press the keyboard shortcut anywhere in the browser to open a search box scoped to your SBOMs. Type a package name and see every product that ships it, the version, the license posture, and the open findings against it.
On Jira, ServiceNow, and Linear ticket pages, the extension recognises Safeguard finding IDs in the ticket body and inlines the live status. A single click opens the finding in the platform with the trace already loaded.
The toolbar icon shows the count of unread critical findings against any product you own. The badge respects your notification preferences and your on-call schedule — quiet hours stay quiet.
On GitHub and GitLab merge pages, the extension surfaces the SCA and SAST verdict for the diff before you scroll to the comments. Reachable findings stand out from advisory ones, so the review focus is right.
Approve, defer, or comment on a finding without leaving the page you were already looking at. Actions are logged with the same audit trail as the in-app workflow — no shadow approvals from the toolbar.
One-click install. Works against Chrome, Edge, Brave, and Arc — anything Chromium-based with MV3 support.
OAuth flow back to your Safeguard tenant. The extension stores a short-lived token bound to your user agent. No long-lived API keys.
Toggle which sites the extension activates on — NVD, GitHub, Jira, ServiceNow, Linear, vendor advisory pages. Off by default everywhere else.
Badges, overlays, and search panels appear in context. No new tab, no new app, no new shortcut to remember.
Every approval, deferral, or comment fired from the extension lands in the same audit log as the rest of the platform. The toolbar is not a back door.
Three minutes to install and sign in. The next CVE you research already has your exposure baked into the page.