Getting started with Safeguard takes four steps: create an account, connect one repository, run your first scan, and review the prioritized fixes. From there you wire it into CI, the IDE, and — if you use AI assistants — the MCP server, then expand coverage across your organization. This FAQ walks through onboarding and the questions new users ask along the way.
Frequently Asked Questions
How do I create a Safeguard account? Sign up at the registration page with your work email, and your tenant and organization context are set up for you. There is no need to install anything locally to begin — you can connect a repository and run a scan from the web app immediately.
What is the fastest way to see value on day one? Connect a single repository and run one scan. The initial scan builds your dependency graph, surfaces prioritized and reachable findings, and shows you the fixes that matter, usually within minutes. Starting with one important service is more useful than trying to onboard everything at once.
Which source control systems does Safeguard connect to? Safeguard integrates with the major SCM providers, including GitHub, GitLab, Bitbucket, and Azure DevOps. You connect a repository through the integration flow, grant the necessary access, and Safeguard begins analyzing the code and its dependencies.
How do I run my first scan? After connecting a repository, trigger a scan from the app or CLI. Safeguard parses your manifests and lockfiles, traces transitive dependencies, and matches components against vulnerability intelligence. When it finishes, you get a list of findings ranked by real exploitability rather than raw severity.
How do I read the results? Findings are prioritized using severity, EPSS exploit-prediction scoring, and reachability analysis, so the exploitable, reachable issues sit at the top. Each finding shows why it matters and whether a fix is available. Focus your first pass on reachable criticals, which are the issues most worth immediate attention.
How do I integrate Safeguard into CI/CD? Add Safeguard as an inline pull-request check and, if you want, use the CLI in your pipeline. The highest-leverage configuration is a gate that blocks new critical, reachable findings from merging, which prevents new bad code from landing rather than reporting it after the fact.
Can developers use Safeguard inside their editor? Yes. IDE extensions bring findings and fixes into the developer's normal workflow, catching vulnerabilities as code is written rather than after a pull request opens. This shifts security left without adding a separate tool developers have to remember to visit.
How do I get automated fixes? Enable Griffin AI and Auto Fix so that, when an exploitable vulnerability is found, Safeguard generates a fix pull request with compatibility testing. You review and merge it like any other PR, and you can widen the amount of autonomy you grant as you build confidence in the results.
How do I generate an SBOM for a customer or auditor? Use SBOM Studio to generate a bill of materials in seconds and export it as CycloneDX or SPDX from one source graph. You can attach in-toto attestations and SLSA provenance and publish VEX statements, which is often exactly what procurement and compliance teams ask for.
How do I connect AI assistants to Safeguard? Point a Model Context Protocol client — such as Claude Desktop, an IDE agent, or ChatGPT — at the MCP server. You can scope which tools each agent may call and whether it operates read-only or with sandboxed write access, and every call is audited. This lets assistants scan, look up, and request fixes in context.
Do I need special infrastructure to run Safeguard? No. You can start in the cloud with nothing to host. For regulated environments, Safeguard also deploys on-premises and air-gapped, with an architecture designed for FedRAMP High and IL7; SOC 2 Type II is in progress with the audit underway. Most teams begin in the cloud and choose a deployment model as needs dictate.
How do I roll Safeguard out across many teams? Start with one or two high-value services, prove the workflow, then expand repository by repository while turning on policy-as-code gates and centralized inventory. Because remediation is automated, a small security team can support a large developer population without a proportional increase in headcount.
How much does Safeguard cost to get started? You can create an account and run an initial scan to evaluate the platform, and pricing is scoped to your environment and coverage needs. Details and how to talk to the team are on the pricing page.
What should I do after my first scan? Fix the reachable criticals, add the PR-blocking gate to your most important repository, and connect a second service. That sequence — remediate, gate, expand — establishes the habits that keep exposure low as you scale.
Ready to begin? Create your free account at https://app.safeguard.sh/register and follow the step-by-step guides at https://docs.safeguard.sh.