Safeguard.sh Documentation Center

Desktop Application

The Safeguard desktop app — a native client for macOS, Windows, and Linux with system-level controls.

Desktop Application

The Safeguard desktop app is a native application for macOS, Windows, and Linux. It pairs the full Safeguard UI with system-level capabilities that a browser cannot offer: inspecting local repositories, scanning container images without pushing them anywhere, and running Griffin-assisted fixes directly against files on disk.

What Makes It Different

Browser-based security tools cannot reach into your filesystem, container runtime, or local Git workspaces. The desktop app can, with explicit user consent:

  • Scan local code — point the app at a project folder; it generates an SBOM without uploading your source.
  • Scan local Docker / Podman images — inspects layers and metadata against your local daemon socket.
  • Run Griffin autofix against local files — applies remediation to your working copy, shows the diff, and asks for confirmation before writing.
  • Install the Safeguard CLI and agents — one-click installers for the CLI, runner, and Kubernetes admission controller.
  • Execute shell commands under consent — used for tasks like running git status, npm audit, or docker inspect. Every command is shown before it runs and logged locally.

Supported Platforms

OSArchitectureNotes
macOS 12 Monterey+arm64, x86_64Notarized universal binary. Auto-update via Sparkle.
Windows 10 / 11x86_64, arm64MSIX and EXE installers. Signed with EV cert.
Linux (Ubuntu 22.04+, Fedora 40+, Debian 12+)x86_64, arm64.deb, .rpm, AppImage, Flatpak.

Download from safeguard.sh/download.

First Run

  1. Install the app.
  2. Sign in with your Safeguard account (OAuth via browser).
  3. Grant or decline each system capability individually:
    • Filesystem access (per-folder)
    • Docker / Podman socket access
    • Kubernetes kubeconfig access
    • Shell command execution
  4. Optionally, install the Safeguard CLI and local runner — the app will detect them later if you skip.

All grants are persisted in the OS keychain and can be revoked in Settings → System Access.

Capabilities

Local Project Scanning

  • Drag a folder onto the app, or use File → Open Project.
  • The app detects the package ecosystem (npm, pip, Maven, Go, Cargo, etc.) and generates a CycloneDX SBOM locally.
  • SBOM stays on disk by default. Upload to Portal is a one-click action you approve explicitly.

Local Container Scanning

  • Connect to the local Docker or Podman daemon.
  • The app lists images and lets you scan one without pulling or pushing.
  • Scan results cross-reference with Safeguard vulnerability data while respecting your "don't upload SBOM" preference if set.

Griffin Desktop Mode

  • Open any local project; click Fix with Griffin.
  • Griffin proposes a diff. You can preview it in the app's diff viewer or in your configured editor (VS Code, Cursor, JetBrains).
  • Nothing is written to disk until you click Apply. You can also commit through the app.

The app can run shell commands on your behalf for security tasks:

  • npm audit fix after a Griffin-suggested upgrade.
  • docker pull to fetch a patched base image.
  • git checkout -b to create a remediation branch.
  • kubectl rollout restart after you apply a Helm upgrade.

Every command appears in a confirmation dialog with:

  • The exact command text.
  • Why Safeguard proposed it.
  • A "remember for this session" checkbox (not persistent).

You can audit every executed command in Settings → Activity Log, which is stored locally and never uploaded.

Menu Bar / System Tray Agent

A lightweight helper runs in the menu bar / system tray:

  • Shows current security status for watched projects.
  • Surfaces newly published zero-days that affect your local projects.
  • Notifies when a Griffin remediation is ready for review.

The tray agent consumes roughly 40–80 MB of RAM and negligible CPU.

Privacy and Security

  • Source code stays local unless you explicitly upload an SBOM or file.
  • Per-folder filesystem permission — the app cannot read outside folders you grant.
  • No telemetry on source contents — only anonymized usage metrics (screens viewed, features used) with an opt-out in Settings.
  • Signed updates — updates are signed by Safeguard's code-signing cert and verified before installing.

Offline and Air-Gapped Mode

The app can run in offline mode using a local vulnerability database snapshot. Snapshots are refreshed on a schedule or on-demand when the device comes online. See air-gapped guide.

System Requirements

ResourceMinimumRecommended
RAM4 GB8 GB+
Disk500 MB install + ~1 GB offline DB snapshot5 GB
CPU64-bit4+ cores

Uninstall

The app uninstalls cleanly:

  • macOS: drag to Trash or use the in-app uninstaller.
  • Windows: Apps & Features → Safeguard → Uninstall.
  • Linux: package manager (apt remove safeguard-desktop, dnf remove safeguard-desktop, or the AppImage delete).

All local caches, SBOMs, and logs can be preserved or wiped during uninstall.

  • Web Application — browser-based counterpart.
  • Runner — local workflow executor embedded in the app.
  • CLI — command-line equivalent that the desktop app can install.
  • IDE Support — editor integrations that pair with the desktop app.

Web Application

The Safeguard web application — the primary interface for ESSCM, Portal, TPRM, and OSM in any modern browser.

Local Runner

The Safeguard runner — execute Safeguard workflows and Griffin-driven fixes locally, similar in spirit to Claude Code.

On this page

Desktop ApplicationWhat Makes It DifferentSupported PlatformsFirst RunCapabilitiesLocal Project ScanningLocal Container ScanningGriffin Desktop ModeSystem Control (Consent-Gated)Menu Bar / System Tray AgentPrivacy and SecurityOffline and Air-Gapped ModeSystem RequirementsUninstallRelated