Getting Started
Onboarding Workflow
Complete the Safeguard.sh setup and generate your first SBOM
Onboarding Workflow
Complete the onboarding wizard to connect your repositories, generate your first SBOM, and start securing your software supply chain.
Overview
The onboarding process guides you through:
- Connect Integrations - Link your source code and container platforms
- Add Projects - Import projects from connected integrations
- Review Results - Explore vulnerabilities, components, and security posture
- Enable AI Remediate - Let Griffin AI remediate issues automatically
Step 1: Connect Integrations
Source Code Repositories
Connect to your version control:
- Go to Settings → Integrations
- Click Connect next to your provider:
- GitHub
- GitLab
- Bitbucket
- Azure Repos
- AWS CodeCommit
- Authorize Safeguard.sh access
- Select repositories to monitor
Container Registries
Connect to scan container images:
- Go to Settings → Integrations
- Click Connect next to your registry:
- Docker Hub
- AWS ECR
- Google GCR
- Azure ACR
- Enter credentials
- Test connection
Step 2: Generate Your First SBOM
Add a project from your connected integrations:
- Navigate to Projects
- Click + Add Project
- Select an integration source (GitHub, AWS, Bitbucket, etc.)
- Choose the repository or image to scan
- Configure project settings (branch, version)
- Click Add Project
The project will appear in the Projects table showing:
- Project Name
- Version
- Status (active/inactive)
- Organization
- Findings summary (E, C, H, M, L counts)
- Vulnerability count
Generation typically takes 1-5 minutes depending on project size.
Step 3: Review Results
Click on any project to view the Project Overview page with multiple tabs:
Info Tab
- Project name and version
- Created date and creator
- Generation method (SCM, Container, Manual)
- Source code repository URL
- Branch/Tag information
- Organization assignment
- Findings by Severity chart
- Vulnerabilities by Severity chart
- Supply Chain Risk by Components
- Findings by Gate
Additional Tabs
| Tab | Description |
|---|---|
| Attestation | Supply chain attestation and provenance verification |
| Dependencies | Complete dependency tree and component list |
| Provenance | Build and source provenance information |
| Vulnerabilities | Security vulnerabilities with severity ratings |
| Mitigations | Applied mitigations and accepted risks |
| Security Posture | Overall security scoring and posture assessment |
| Code Quality | Code quality metrics and issues |
| Suppliers & Licenses | License compliance and supplier information |
| Findings | All findings across security gates and policies |
Step 4: Enable AI Remediate
Let Griffin AI fix vulnerabilities automatically:
- Navigate to the Vulnerabilities tab in any project
- Click the AI Remediate button
- Review the proposed fix
- Click Create Pull Request
Or enable automatic remediation:
- Go to Settings → AI Remediate
- Enable Automatic PR Creation
- Configure settings
- Save
Next Steps
You're all set! Here's what to do next:
- Set up CI/CD integration for continuous scanning
- Configure policies to enforce security requirements
- Invite your team to collaborate
- Enable continuous monitoring for alerts
Need Help?
- Email: hi@safeguard.sh
- Visit safeguard.sh for more information
- Book a demo for hands-on onboarding