DUBLIN, California — July 12, 2026 — Safeguard today announced a Chrome extension for Gold Open Source, its free public directory of security-verified open-source software, alongside a major expansion of what the directory covers. Gold Open Source now spans AI models, Model Context Protocol (MCP) servers, agent skills, and chip manufacturers — in addition to the packages, container images, CVEs, and weakness taxonomies it already tracked.
The Gold Open Source Chrome extension is live on the Chrome Web Store and brings the directory's lookups directly into the browser, so developers can check a component's security status without leaving their workflow.
More than packages and CVEs
Gold Open Source began as a directory of verified open-source packages and a free vulnerability (CVE) database. Today's expansion adds several new browsable, searchable catalogs at gold.safeguard.sh:
- AI models — open-weight models sourced live from the Hugging Face Hub (with real download and star counts) plus notable frontier models, each with license and modality.
- MCP servers — thousands of Model Context Protocol servers from the official registry, the connectors and plugins that give AI agents tools and data.
- Agent skills — official Anthropic Agent Skills and notable community skills.
- Chip manufacturers — the semiconductor companies behind modern compute, from fabless designers to foundries and equipment makers.
- The full MITRE ATT&CK® framework — tactics, techniques and sub-techniques, mitigations, threat-actor groups, malware and tools, and campaigns across the Enterprise, Mobile, and ICS matrices.
These join the existing coverage: verified packages across more than 20 ecosystems, container images, a real-time CVE database, the CWE weakness index, and SGZ zero-day advisories.
The Gold standard
Components earn "Gold" status when they carry zero known high or critical vulnerabilities, are malware-free, are license-compliant, and have verified provenance. Everything in the directory is free to browse, with no account required.
"Developers make dependency decisions dozens of times a day, and most of that context lives in a browser tab," said a Safeguard spokesperson. "Putting Gold Open Source one click away in Chrome — and expanding it to the AI models, MCP servers, and skills teams are now shipping — meets developers where the decisions actually happen."
Availability
The Gold Open Source directory is available now at gold.safeguard.sh. The Chrome extension is available on the Chrome Web Store.
About Safeguard
Safeguard is the immune system for software — it finds and fixes vulnerabilities across the software supply chain. Learn more at safeguard.sh.
MITRE ATT&CK® is a registered trademark of The MITRE Corporation.