Model Context Protocol (MCP)
Connect Claude Desktop and AI assistants to Safeguard's enterprise security platform
Safeguard MCP Server
The Safeguard MCP Server enables AI assistants like Claude Desktop, ChatGPT, and Grok to interact with Safeguard's enterprise-grade vulnerability management and SBOM analysis platform using natural language.
Overview
Model Context Protocol (MCP) is an open standard that allows AI assistants to securely connect to external services. The Safeguard MCP Server exposes 35+ tools for vulnerability scanning, SBOM analysis, AI-powered remediation, SCM integration, and policy enforcement.
Key Features
| Feature | Description |
|---|---|
| 35+ Security Tools | Comprehensive vulnerability scanning, SBOM operations, and remediation |
| Griffin AI Integration | 92% faster autonomous remediation powered by Safeguard's AI |
| Multi-Product Access | SSCM, Portal, TPRM, and Gold Registry through one interface |
| Natural Language | Ask questions like "Find all critical CVEs in my projects" |
| Real-Time Data | Live access to your Safeguard account data |
| Policy Enforcement | Automated compliance gates and security policies |
Quick Start
1. Get API Key
Sign up for a Safeguard account and generate an API key:
- Visit app.safeguard.sh/signup
- Navigate to Settings → API Keys
- Click Generate API Key
- Copy your API key (starts with sg_api_)
2. Configure Claude Desktop
Add to your claude_desktop_config.json:
{
  "mcpServers": {
    "safeguard": {
      "url": "https://mcp.safeguard.sh/mcp/sse",
      "transport": "sse",
      "env": {
        "SAFEGUARD_API_KEY": "sg_api_your_key_here"
      }
    }
  }
}
Config file locations:
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
- Linux: ~/.config/Claude/claude_desktop_config.json
3. Restart Claude Desktop
Restart Claude Desktop to load the MCP server connection.
4. Start Using
Try these prompts in Claude Desktop:
"Find all critical vulnerabilities in my projects"
"Generate an SBOM for my latest deployment"
"Show me packages with high EPSS scores"
"Remediate vulnerabilities in my package.json"
"What's my current security risk score?"
Available Tools
The Safeguard MCP Server provides 35+ tools across these categories:
Vulnerability Management
- safeguard_find_vulnerabilities - Search for CVEs and vulnerabilities
- safeguard_get_vulnerability - Get detailed CVE information
- safeguard_check_exploitability - Check if CVE has known exploits (EPSS)
- safeguard_get_remediation - Get fix recommendations
SBOM Operations
- safeguard_list_sboms - List all SBOMs in your account
- safeguard_get_sbom - Retrieve SBOM details
- safeguard_create_sbom - Generate new SBOM
- safeguard_compare_sboms - Compare two SBOMs for differences
- safeguard_analyze_sbom - Get security analysis of SBOM
- safeguard_export_sbom - Export in CycloneDX/SPDX formats
Package Analysis
- safeguard_find_packages - Search packages across all SBOMs
- safeguard_get_package - Get package details and metadata
- safeguard_get_package_vulnerabilities - List vulnerabilities in package
- safeguard_get_package_licenses - Check package licenses
Griffin AI Remediation
- safeguard_remediate_npm - Fix npm package.json vulnerabilities
- safeguard_remediate_pip - Fix Python requirements.txt vulnerabilities
- safeguard_remediate_maven - Fix Maven pom.xml vulnerabilities
- safeguard_remediate_go - Fix Go go.mod vulnerabilities
- safeguard_remediate_cargo - Fix Rust Cargo.toml vulnerabilities
- safeguard_get_remediation_plan - Get AI-generated remediation strategy
Project Management
- safeguard_list_projects - List all projects
- safeguard_get_project - Get project details
- safeguard_create_project - Create new project
- safeguard_get_project_sboms - Get all SBOMs for a project
- safeguard_get_project_metrics - Get security metrics
Policy & Compliance
- safeguard_list_gates - List security policy gates
- safeguard_evaluate_gate - Check if SBOM passes policy
- safeguard_create_gate - Create new policy gate
- safeguard_get_compliance_report - Generate compliance report
SCM Integration
- safeguard_add_github_integration - Connect GitHub repository
- safeguard_add_gitlab_integration - Connect GitLab repository
- safeguard_add_bitbucket_integration - Connect Bitbucket repository
- safeguard_add_azuredevops_integration - Connect Azure DevOps
- safeguard_scan_repository - Scan SCM repository for vulnerabilities
- safeguard_list_scm_projects - List integrated repositories
Natural Language Query
- safeguard_ask - Ask questions in natural language
- safeguard_chat - Multi-turn conversation with Griffin AI
Example Use Cases
1. Security Review Workflow
User: "Review the security of my production SBOMs"
Claude uses:
1. safeguard_list_sboms (filter: production)
2. safeguard_analyze_sbom (for each SBOM)
3. safeguard_find_vulnerabilities (critical severity)
4. Summarizes findings with risk assessment
2. Vulnerability Remediation
User: "Fix the vulnerabilities in my package.json"
Claude uses:
1. safeguard_get_project (current project)
2. safeguard_find_vulnerabilities (in project)
3. safeguard_remediate_npm (with package.json content)
4. Returns updated package.json with fixes
3. Compliance Check
User: "Check if my latest SBOM meets FedRAMP requirements"
Claude uses:
1. safeguard_list_gates (type: compliance)
2. safeguard_evaluate_gate (FedRAMP policy)
3. safeguard_get_compliance_report
4. Lists passing/failing criteria
4. Repository Scanning
User: "Scan my GitHub repository for security issues"
Claude uses:
1. safeguard_add_github_integration
2. safeguard_scan_repository
3. safeguard_find_vulnerabilities (in scan results)
4. safeguard_get_remediation_plan
Authentication
The MCP server supports API key authentication. Your API key is securely transmitted with each request and validated against Safeguard's Auth Service.
Security Best Practices
- Never commit API keys to version control
- Use environment variables in Claude Desktop config
- Rotate keys regularly (every 90 days)
- Use separate keys for different environments (dev/staging/prod)
- Revoke compromised keys immediately in Settings
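One way to check the practices above before a Claude Desktop config is committed or shared, as an added example that is not Safeguard's own code. It flags non-HTTPS endpoints, literal `sg_api_` keys and loose POSIX file permissions; the key character set, the function names and the sample key are assumptions made for this example.

```python
import json
import os
import re
import stat
import sys
from urllib.parse import urlparse

# The sg_api_ prefix is from the page; the characters after it are an assumption.
KEY_RE = re.compile(r"sg_api_[A-Za-z0-9_-]{8,}")
PLACEHOLDER = "sg_api_your_key_here"  # sample value from the Quick Start config


def find_keys(text):
    """Return substrings that look like real (non-placeholder) API keys."""
    return [k for k in KEY_RE.findall(text) if k != PLACEHOLDER]


def audit_servers(config):
    """Check each mcpServers entry for non-HTTPS URLs and literal keys."""
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        url = server.get("url", "")
        if url and urlparse(url).scheme != "https":
            findings.append(f"{name}: endpoint is not HTTPS ({url})")
        for var, value in server.get("env", {}).items():
            if find_keys(str(value)):
                findings.append(f"{name}: {var} holds a literal API key")
    return findings


def audit_file(path):
    """Audit a config file on disk, including its POSIX permissions."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        findings.append(f"mode {mode:o} lets group/other access the file")
    with open(path, encoding="utf-8") as fh:
        return findings + audit_servers(json.load(fh))


# Constructed sample: the key and the http:// URL are made up for this example.
SAMPLE = {"mcpServers": {"safeguard": {
    "url": "http://mcp.safeguard.sh/mcp/sse",
    "env": {"SAFEGUARD_API_KEY": "sg_api_EXAMPLEexample0000"},
}}}

if __name__ == "__main__":
    results = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_servers(SAMPLE)
    sys.exit("\n".join(results) or 0)  # non-zero exit when anything is flagged
```

Run with a config path as the only argument; `find_keys` can also be applied to staged file contents in a pre-commit hook.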
Multi-Product Access
The MCP server provides access to all Safeguard products:
| Product | Description | MCP Access |
|---|---|---|
| SSCM | Software Supply Chain Management | SBOM operations, vulnerability scanning |
| Portal | Centralized security dashboard | Projects, metrics, reporting |
| TPRM | Third-Party Risk Management | Vendor assessment, risk scores |
| Gold Registry | Secure artifact registry | Package management, policy enforcement |
Data Handling
The Safeguard MCP Server:
✅ Only accesses data explicitly requested by the user through prompts
✅ Encrypts all data transmission using HTTPS/TLS
✅ Is stateless - the MCP server itself stores no data
✅ Is GDPR compliant with data retention per terms of service
Pricing
| Plan | Price | Features |
|---|---|---|
| Free | $0/month | 100 API calls/day, vulnerability scanning, basic SBOM analysis |
| Pro | $49/month | Unlimited API calls, advanced analytics, priority support, SCM integrations |
| Enterprise | Custom | Self-hosted option, SLA guarantees, 24/7 support, SOC 2 compliance |
Visit safeguard.sh/pricing for details.
Troubleshooting
Connection Issues
Problem: "Failed to connect to MCP server"
Solutions:
- Verify API key is correct and not expired
- Check internet connection
- Ensure Claude Desktop is up to date
- Check MCP server status at status.safeguard.sh
Authentication Errors
Problem: "Unauthorized" or "Invalid API key"
Solutions:
- Regenerate API key in Settings → API Keys
- Update claude_desktop_config.json with new key
- Restart Claude Desktop
- Verify key starts with sg_api_
Tool Errors
Problem: Tool returns an error or unexpected result
Solutions:
- Check tool input parameters match expected format
- Verify you have permissions for the requested operation
- Check API rate limits (100/day for free tier)
- Contact support at hi@safeguard.sh
Rate Limiting
Free tier users are limited to 100 API calls per day. Upgrade to Pro for unlimited access.
Support
- Email: hi@safeguard.sh
- Documentation: docs.safeguard.sh
- Status Page: status.safeguard.sh
- Response Time: 24 hours (free), 4 hours (paid)
System Requirements
| Component | Requirement |
|---|---|
| Claude Desktop | Latest version |
| Internet | Active connection required |
| API Key | Valid Safeguard account |
| Browser | For initial signup and API key generation |
Technical Details
- Endpoint: https://mcp.safeguard.sh/mcp/sse
- Transport: Server-Sent Events (SSE)
- Protocol: HTTPS only
- Uptime: 99.9% SLA (Enterprise)
- Response Time: < 2 seconds average
- Data Location: United States (AWS)
Privacy & Compliance
- Terms of Service: safeguard.sh/company/terms-and-conditions
- Privacy Policy: safeguard.sh/company/privacy-policies
- Compliance: SOC 2 Type II, GDPR, CCPA, ISO 27001
Related Developer Tools
IDE Extensions
Get real-time vulnerability detection directly in your IDE:
- VS Code Extension - Catch vulnerabilities as you write code with instant feedback and one-click remediation
- Cursor Extension - Same extension available for Cursor IDE via Open VSX
- JetBrains Plugin - For all JetBrains IDEs: IntelliJ IDEA, PyCharm, WebStorm, PhpStorm, GoLand, RubyMine, CLion, Rider, DataGrip, AppCode, and Android Studio
Next Steps
- Sign up for Safeguard
- Generate your API key
- Configure Claude Desktop (see Quick Start above)
- Try the example prompts
- Explore the full API Reference
Developer Resources
Official repositories and packages:
- MCP Server: mcp.safeguard.sh - Model Context Protocol server for AI assistants
- NPM: @safeguard-sh - Official NPM packages
- GitHub: Safeguard-sh - Open source tools and integrations
Feedback
We're constantly improving the MCP server. Share your feedback:
- Feature requests: hi@safeguard.sh
- Bug reports: hi@safeguard.sh
- General questions: hi@safeguard.sh
Ready to get started? Sign up now and connect Claude to your security workflow in under 5 minutes.