Safeguard Documentation Center

Integrations

Connect your source code repositories, container registries, AI models, and more to generate SBOMs

Safeguard supports multiple integration types to generate SBOMs from various sources. Navigate to Integrations from the sidebar to connect your tools.

Integrations Page Overview

The Integrations page includes tabs for different functions:

  • Add Project/Product - Connect new integrations and add projects
  • Deployment - Manage deployment configurations
  • Configure Scanner - Set up scanner settings
  • Notification - Configure alerts and notifications

You can filter integrations by type using the filter buttons: All, Source Code (SCM), Container Image, AI Model, Upload, or Reset.

Integration Types

Source Code Management (SCM)

Generate SBOMs directly from your source code repositories. Supports both public and private repositories.

| Integration | Description | Public | Private |
|---|---|---|---|
| GitHub | Connect GitHub repositories | | |
| Bitbucket | Connect Bitbucket repositories | | |
| GitLab | Self-hosted or cloud GitLab | | |
| Git | Generic Git URL | | |

Container Images

Scan container images from popular registries.

| Integration | Description | Public | Private |
|---|---|---|---|
| Amazon ECR | AWS Elastic Container Registry | | |
| Docker Hub | Docker Hub repositories | | |
| GCP Cloud Source | Google Cloud container sources | | |
| OCI Registry | Open Container Initiative registries | | |

AI Models

Scan AI and machine learning models for dependencies and vulnerabilities.

| Integration | Description |
|---|---|
| Hugging Face | Connect and scan AI models |

File Uploads

Upload files directly for SBOM generation.

| Integration | Description |
|---|---|
| CSAF/VEX | Upload CSAF or VEX files |
| APK | Upload Android APK files |
| Manifest File | Upload package manifest files |

General Workflow

All integrations follow a similar workflow:

  1. Navigate to Integrations - Access from the sidebar
  2. Select Integration Type - Choose from SCM, Container Image, AI Model, or Upload
  3. Click Connect - On the integration card
  4. Configure Access - Enter credentials (for private) or URL (for public)
  5. Review & Connect - Select repositories/images and configure project settings
  6. View in Projects - Your connected projects appear in the Projects page

Example: Adding a Bitbucket Repository

This example demonstrates how to connect a Bitbucket repository. The process differs slightly for public vs private repositories.

Adding a Public Repository

Step 1: Click Connect on Bitbucket

From the Integrations page, click the Connect button on the Bitbucket card.

Step 2: Enter Repository Details

  1. Select Public tab
  2. Enter a Name for this configuration
  3. Optionally add a Description
  4. Enter the public URL of the repository (e.g., https://bitbucket.org/atlassian/aui)
  5. The system will validate the URL and show "Repository URL is valid"
  6. Click Add to add the URL to the list

Step 3: Review Added URLs

Your added repository URLs will appear in the Added URLs table showing the Repository URL and when it was added.

Click Next to proceed to the review step.

Step 4: Review & Configure Repositories

Review and configure the repositories to be connected:

  • Select which repositories to include using checkboxes
  • Configure Branch/Tag for each repository
  • Set the Project Name (defaults to repository name)
  • Set the Version (defaults to 1.0.0)

Click Connect to complete the integration.

Step 5: View Configuration

After connecting, your configuration appears in the Project Configurations table at the bottom of the Integrations page.


Adding a Private Repository

For private repositories, you'll need to provide authentication credentials.

Step 1: Click Connect on Bitbucket

From the Integrations page, click the Connect button on the Bitbucket card.

Step 2: Enter Credentials

  1. Select Private tab
  2. Enter a Name for this configuration
  3. Optionally add a Description
  4. Enter your Bitbucket Credentials:
    • Username - Your Bitbucket username
    • Access Token / App Password - Your Bitbucket app password or access token
  5. Click Verify Credentials

Step 3: Credentials Verified

Once the credentials are verified, you'll see the message "Credentials verified successfully!". Click Next to proceed.

Step 4: Select Workspace and Repositories

  1. Select Workspace - Choose the Bitbucket workspace to access repositories from
  2. Review & Configure Repositories - Select repositories, configure branch/tag, project name, and version

Click Connect to complete the integration.

Step 5: View All Configurations

Your new configuration will appear alongside any existing configurations in the Project Configurations table.


Generation Options

| Option | Description |
|---|---|
| Project Name | Identifier for this SBOM |
| Version | Version tag (auto-detected from git tags) |
| Branch/Tag | Specific branch or tag to scan |
| Include Dev Dependencies | Include development dependencies |
| Deep Analysis | Enable Griffin AI deep analysis |

Generation Times

| Project Size | Approximate Time |
|---|---|
| Small (under 100 dependencies) | Under 1 minute |
| Medium (100-500 dependencies) | 2-5 minutes |
| Large (500+ dependencies) | 5-15 minutes |

Project Configurations

After connecting integrations, your configurations are saved in the Project Configurations table at the bottom of the Integrations page. This allows you to:

  • View all connected integrations
  • See provider type and connection details
  • Track when configurations were created and updated
  • Manage and edit existing connections

Viewing Your Projects

After adding integrations, navigate to Projects from the sidebar to see all your added projects. The Projects table displays:

| Column | Description |
|---|---|
| Project Name | Name of the project (click to view details) |
| Version | Version tag or branch |
| Status | Active or inactive status |
| Organizations | Organization assignment |
| Findings | Summary counts (E, C, H, M, L) |
| Vulnerabilities | Vulnerability count |

Continuous Scanning

Safeguard.sh performs daily continuous scanning of all your projects to detect new vulnerabilities as they are disclosed.

Enable additional scanning triggers:

  • On Push - Scan on every commit to monitored branches
  • Scheduled - Daily, weekly, or custom schedule
  • On Release - Scan when new tags are created

CLI Usage

# Install the CLI
npm install -g @safeguard-sh/cli

# Authenticate
safeguard auth login

# Generate SBOM
safeguard sbom generate --source . --name "my-app" --version "1.0.0"
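
For a release job, the name and version passed to the command above usually come from the repository itself, so they should be checked before they become project identifiers. The wrapper below is an added example, not Safeguard's own code; the tag format (v1.2.3 or 1.2.3), the fallback to the documented default 1.0.0, the function names and the --run switch are assumptions of this example, and it uses only the CLI flags shown above.

```shell
#!/bin/sh
# Added example, not Safeguard's own code. Wraps the documented command:
#   safeguard sbom generate --source . --name "my-app" --version "1.0.0"
# Assumes `safeguard auth login` has already been completed on this machine.

# Map a git tag to a --version value. Assumption: release tags look like
# v1.2.3 or 1.2.3 (optional -rc.1 / +build suffix). Anything else, including
# no tag at all, falls back to the documented default 1.0.0.
sbom_version() {
    tag="${1#v}"
    if printf '%s' "$tag" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$'; then
        printf '%s\n' "$tag"
    else
        printf '1.0.0\n'
    fi
}

# Most recent tag reachable from HEAD in directory $1; empty when there is
# no tag, the directory is not a git checkout, or git is unavailable.
latest_tag() {
    git -C "$1" describe --tags --abbrev=0 2>/dev/null || true
}

# Project name from the source directory name, limited to a conservative
# character set because it ends up as an identifier in the Projects table.
sbom_name() {
    basename "$(cd "$1" && pwd)" | sed 's/[^A-Za-z0-9._-]/-/g'
}

generate_sbom() {
    src="${1:-.}"
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
    name="$(sbom_name "$src")"
    version="$(sbom_version "$(latest_tag "$src")")"
    echo "SBOM for $name $version from $src" >&2
    safeguard sbom generate --source "$src" --name "$name" --version "$version"
}

# Call the CLI only when asked to: ./sbom-release.sh --run [source-dir]
if [ "${1:-}" = "--run" ]; then
    generate_sbom "${2:-.}"
fi
```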
