Safeguard
Platform · Skills

Modular security capabilities. Compose what you need.

Skills are small, composable units of work — detect, reason, remediate, govern, comply, integrate. Each one has a typed contract, a signed trace, and a marketplace home. Use the ones we ship, override the ones you want to, write the ones we have not.

40+
skills
Composable
by design
Marketplace
ready
1st + 3rd
party
Six categories

Every skill belongs to one of six families.

Detection skills

Surface what is there — vulnerabilities, secrets, sinks, suspicious dependencies.

sink.detect
secret.scan
package.suspicious
license.flag
image.scan

Reasoning skills

Decide whether a finding is real — taint, exploitability, disproof.

taint.walk
exploit.hypothesis
exploit.disprove
reach.rank
context.merge

Remediation skills

Close the loop — patch, PR, regression test, rollback plan.

patch.synthesize
pr.draft
test.generate
rollback.plan
fix.verify

Governance skills

Constrain what is allowed — policy gates, capability scopes, signed logs.

policy.evaluate
capability.scope
audit-log.sign
approval.route
guardrail.enforce

Compliance skills

Produce evidence — SBOM, attestations, framework mappings.

sbom.generate
evidence.collect
framework.map
vex.author
attestation.sign

Integration skills

Move data between Safeguard and the rest of the stack.

jira.sync
slack.notify
siem.push
ticket.assign
webhook.dispatch
Featured

Eight skills most teams reach for first.

Each skill ships with a typed input/output contract, a signed audit trace, and a documented home in a product or use case.

griffin.reason

Structured-trace reasoning over a candidate finding — emits hypothesis, cited path, disproof, and proposed patch.

Used by
eagle.rank

Reachability-aware vulnerability ranking. Sorts findings by exploitable surface, not by CVSS theatre.

Used by
lino.flag

Lightweight detector for suspicious dependencies, typosquats, and compromised maintainers in real time.

Used by
sbom.generate

Produce a CycloneDX or SPDX SBOM from a manifest, image, or repo — signed, attested, ready to ship.

Used by
vex.author

Author and sign a VEX statement for a CVE against a specific product — affected, not affected, fixed, under investigation.

Used by
auto-fix.patch

Synthesise a patch for a confirmed finding, generate a regression test, open a PR — reviewer in the loop.

Used by
policy.evaluate

Run an artefact (image, SBOM, finding) through the active policy set and return a structured allow / deny / wait decision.

Used by
audit-log.sign

Append a cryptographically signed entry to the per-tenant audit log — every Safeguard decision is replayable.

Used by
Composition

Wire them together in a manifest.

A short YAML pipeline expresses what most teams want: scan, rank, reason, fix, gate, log.

# safeguard.skills.yaml
pipeline:
  - skill: sbom.generate
    inputs: { source: repo }
  - skill: eagle.rank
    inputs: { sbom: ${steps.sbom.out} }
  - skill: griffin.reason
    when: rank.high
    inputs: { finding: ${steps.eagle.out.top } }
  - skill: auto-fix.patch
    when: griffin.confirmed
    inputs: { finding: ${steps.griffin.out } }
  - skill: policy.evaluate
    inputs: { patch: ${steps.fix.out } }
  - skill: audit-log.sign
    inputs: { trace: ${pipeline.trace } }
Build your own

First-party plus a marketplace.

Write a skill, sign it, list it. The marketplace SDK lets teams ship private skills to their tenant or publish public ones for the community. Every skill in the marketplace runs inside the same trace, policy, and audit envelope as the ones Safeguard ships.

Marketplace Ecosystem

Pick a few and start composing.

Skills are how Safeguard scales horizontally without becoming a single monolithic tool. Wire what you need, leave what you do not.