Source Code Management (SCM)
Generate SBOMs from source code repositories
Generate SBOMs directly from your source code repositories. Safeguard supports both public and private repositories across multiple SCM platforms.
Supported Platforms
| Platform | Description | Documentation |
|---|---|---|
| GitHub | Connect public and private GitHub repositories | View Guide |
| Bitbucket | Connect Bitbucket Cloud repositories | View Guide |
| GitLab | Self-hosted or cloud GitLab instances | View Guide |
| Git | Generic Git URL for any Git repository | View Guide |
Public vs Private Repositories
Public Repositories
For public repositories, you only need to provide the repository URL. No authentication is required.
Workflow:
- Click Connect on the SCM integration card
- Select the Public tab
- Enter the repository URL
- Click Add, then Next
- Review and configure project settings
- Click Connect
Private Repositories
Private repositories require authentication credentials to access the code.
Workflow:
- Click Connect on the SCM integration card
- Select the Private tab
- Enter a configuration name and credentials
- Click Verify Credentials
- Select a workspace (if applicable) and repositories
- Configure project settings
- Click Connect
Credential Requirements
| Platform | Public | Private |
|---|---|---|
| GitHub | URL only | Personal Access Token |
| Bitbucket | URL only | Username + App Password |
| GitLab | URL only | Personal Access Token |
| Git | URL only | Username + Password/Token |
Best Practices
- Use dedicated service accounts - Create tokens specifically for Safeguard integration
- Minimum permissions - Grant only read access to repositories
- Token rotation - Regularly rotate access tokens
- Monitor access - Review connected repositories periodically
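The check below is an added example, not Safeguard code: it audits a GitLab Personal Access Token's metadata against the minimum-permissions and rotation practices above before the token is entered into the integration. The allowed scope set, the 90-day lifetime and the sample records are assumptions; the record shape follows GitLab's `GET /api/v4/personal_access_tokens/self` response.

```python
import json
from datetime import date

# Assumption: scopes sufficient for a read-only SBOM scan on GitLab.
ALLOWED_SCOPES = {"read_repository", "read_api"}
MAX_LIFETIME_DAYS = 90  # assumed rotation policy, not a Safeguard requirement


def audit_token(meta: dict, today: date) -> list[str]:
    """Return findings for one token's metadata; an empty list means it passes."""
    findings = []
    if meta.get("revoked") or not meta.get("active", True):
        findings.append("token is revoked or inactive")
    # Anything outside the allowlist is treated as excess privilege.
    excess = sorted(set(meta.get("scopes", [])) - ALLOWED_SCOPES)
    if excess:
        findings.append("scopes beyond read access: " + ", ".join(excess))
    expires = meta.get("expires_at")
    if not expires:
        findings.append("no expiry set, token will never be forced to rotate")
    else:
        remaining = (date.fromisoformat(expires) - today).days
        if remaining < 0:
            findings.append("token expired on " + expires)
        elif remaining > MAX_LIFETIME_DAYS:
            findings.append(f"expires in {remaining} days, policy is {MAX_LIFETIME_DAYS}")
    return findings


# Constructed sample records in the shape of GitLab's
# GET /api/v4/personal_access_tokens/self response (values are made up).
SAMPLES = json.loads("""
[
  {"name": "safeguard-sbom", "scopes": ["read_repository"],
   "revoked": false, "active": true, "expires_at": "2025-03-01"},
  {"name": "jane-personal", "scopes": ["api", "write_repository"],
   "revoked": false, "active": true, "expires_at": null}
]
""")

if __name__ == "__main__":
    for meta in SAMPLES:
        result = audit_token(meta, today=date(2025, 1, 15))
        print(meta["name"], "->", result or "OK")
```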