Safeguard Documentation Center

API Reference

REST API, CLI, and MCP server documentation

API Reference

Safeguard.sh provides comprehensive APIs for automation and integration.

REST API

Authentication

All API requests require authentication:

curl "https://api.safeguard.sh/v1/projects" \
  -H "Authorization: Bearer YOUR_API_KEY"

Generate API keys in SettingsAPI Keys.

Common Endpoints

Projects

# List projects
GET /v1/projects

# Get project
GET /v1/projects/{id}

# Create project
POST /v1/projects

SBOMs

# List SBOMs
GET /v1/sboms

# Get SBOM
GET /v1/sboms/{id}

# Generate SBOM
POST /v1/sboms/generate

# Export SBOM
GET /v1/sboms/{id}/export?format=spdx

Vulnerabilities

# List vulnerabilities
GET /v1/vulnerabilities

# Get vulnerability details
GET /v1/vulnerabilities/{cve}

# Search vulnerabilities
POST /v1/vulnerabilities/search

Response Format

All responses are JSON:

{
  "data": { ... },
  "meta": {
    "page": 1,
    "total": 100
  }
}

CLI

Installation

# npm
npm install -g @safeguard-sh/cli

# Homebrew
brew install safeguard-sh/tap/safeguard

# Direct download
curl -L https://cli.safeguard.sh/install | sh

Authentication

safeguard auth login

Or use environment variable:

export SAFEGUARD_API_KEY="your-api-key"

Commands

# Generate SBOM
safeguard sbom generate --source . --name "my-app" --version "1.0.0"

# List projects
safeguard projects list

# Check security gate
safeguard gate check --policy production

# Search
safeguard search "severity:critical"

# Export SBOM
safeguard sbom export --id abc123 --format cyclonedx

MCP Server

Safeguard.sh provides an MCP (Model Context Protocol) server for AI integrations.

Configuration

{
  "mcpServers": {
    "safeguard": {
      "url": "https://mcp.safeguard.sh",
      "apiKey": "YOUR_API_KEY"
    }
  }
}

Available Tools

  • sbom_generate - Generate SBOMs
  • sbom_search - Search SBOMs
  • vuln_search - Search vulnerabilities
  • vuln_analyze - Analyze vulnerabilities
  • gate_check - Check security gates

Webhooks

Receive notifications for events:

Configuration

  1. Go to SettingsWebhooks
  2. Click Add Webhook
  3. Enter URL and select events
  4. Save

Events

  • sbom.created
  • sbom.updated
  • vulnerability.discovered
  • gate.failed
  • policy.violated

Payload

{
  "event": "vulnerability.discovered",
  "timestamp": "2025-01-03T10:00:00Z",
  "data": {
    "cve": "CVE-2025-1234",
    "severity": "critical",
    "affected_projects": ["project-1", "project-2"]
  }
}

Rate Limits

PlanRate Limit
Free100 requests/hour
Pro1,000 requests/hour
Enterprise10,000 requests/hour

SDKs

Official SDKs:

CI/CD Integration

Integrate Safeguard.sh into your CI/CD pipelines

Compliance

FedRAMP HIGH, IL7, EO 14028, and regulatory compliance

On this page

API ReferenceREST APIAuthenticationCommon EndpointsProjectsSBOMsVulnerabilitiesResponse FormatCLIInstallationAuthenticationCommandsMCP ServerConfigurationAvailable ToolsWebhooksConfigurationEventsPayloadRate LimitsSDKs