Safeguard.sh Documentation Center

Microsoft Copilot

Connect Safeguard's MCP server to Microsoft Copilot (Microsoft, USA) using its MCP configuration.

Safeguard ships its own remote MCP (Model Context Protocol) server, so you can connect Microsoft Copilot directly to your software supply chain security data and ask questions in plain language. The endpoint is https://mcp.safeguard.sh/mcp. Once connected through the Copilot Studio MCP connector, Copilot can query your vulnerabilities, SBOMs, packages, licenses, findings, and compliance data, generate AI remediation plans, compare SBOMs, manage SCM integrations, and enforce policy gates. The server exposes 190+ tools and also supports MCP resources and prompts.

What you can do

  • Query vulnerabilities, SBOMs, packages, licenses, findings, and compliance data across your tenant.
  • Generate AI-powered remediation plans for npm, pip, Maven, Go, and Cargo projects.
  • Compare SBOMs in both CycloneDX and SPDX formats.
  • Manage SCM integrations: GitHub, GitLab, Bitbucket, and Azure DevOps.
  • Run risk scoring and compliance reporting.
  • Enforce policy-gate checks for deployment readiness.

Connect

  1. Create your Safeguard account at https://app.safeguard.sh and generate an API key at https://app.safeguard.sh/settings/api-keys.
  2. Open the Copilot Studio MCP connector configuration.
  3. Add a server entry pointing at the endpoint https://mcp.safeguard.sh/mcp, using the mcp-remote bridge launched with npx.
  4. Supply your Safeguard API key via the SAFEGUARD_API_KEY environment variable.
  5. Reload Copilot — Safeguard's 190+ security tools are now available. Start asking questions.

Use this generic mcp-remote configuration block:

{
  "mcpServers": {
    "safeguard": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.safeguard.sh/mcp"],
      "env": { "SAFEGUARD_API_KEY": "<your-api-key>" }
    }
  }
}

Replace <your-api-key> with a key generated from https://app.safeguard.sh/settings/api-keys.
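
The entry above can be checked mechanically before it is loaded into the connector. The following is an added example, not Safeguard's or Microsoft's code: the function name lintSafeguardEntry, its finding strings, the PINNED_VERSION placeholder and the version-pinning check are assumptions made for illustration, and both sample configs are constructed.

```javascript
// Added example (not Safeguard's code): lint an mcpServers entry before use.
const EXPECTED_ENDPOINT = "https://mcp.safeguard.sh/mcp"; // from this page
const PLACEHOLDER = "<your-api-key>"; // from this page

function lintSafeguardEntry(config, name = "safeguard") {
  const entry = config?.mcpServers?.[name];
  if (!entry) return [`missing-entry: no mcpServers.${name}`];
  const findings = [];
  const args = (Array.isArray(entry.args) ? entry.args : [])
    .filter((a) => typeof a === "string");
  if (entry.command !== "npx") findings.push("command: expected npx");
  // First non-flag argument is the package npx downloads and runs.
  const pkg = args.find((a) => !a.startsWith("-"));
  if (!pkg || !/^mcp-remote(@.+)?$/.test(pkg)) {
    findings.push("bridge: package is not mcp-remote");
  } else if (pkg === "mcp-remote") {
    findings.push("bridge: unpinned, version is resolved at run time");
  }

  // Exactly one URL argument, and it must be the documented HTTPS endpoint.
  const urls = args.filter((a) => /^[a-z][a-z0-9+.-]*:\/\//i.test(a));
  let parsed = null;
  try { parsed = new URL(urls[0]); } catch { /* absent or unparsable */ }
  if (urls.length !== 1 || !parsed) {
    findings.push(`endpoint: need one valid URL, found ${urls.length} candidate(s)`);
  } else if (parsed.protocol !== "https:") {
    findings.push("endpoint: not HTTPS");
  } else if (parsed.href !== EXPECTED_ENDPOINT) {
    findings.push(`endpoint: differs from ${EXPECTED_ENDPOINT}`);
  }

  const key = entry.env?.SAFEGUARD_API_KEY;
  if (typeof key !== "string" || key.trim() === "") {
    findings.push("key: SAFEGUARD_API_KEY is not set");
  } else if (key === PLACEHOLDER) {
    findings.push("key: placeholder was never replaced");
  } else if (args.some((a) => a.includes(key))) {
    findings.push("key: value repeated in args, visible in process listings");
  }
  return findings;
}

// Constructed inputs: the page's block as written, and a mistyped variant.
const entryOf = (args, key) => ({ mcpServers: { safeguard: {
  command: "npx", args, env: { SAFEGUARD_API_KEY: key } } } });
const PAGE_CONFIG = entryOf(["-y", "mcp-remote", EXPECTED_ENDPOINT], PLACEHOLDER);
const BAD_CONFIG = entryOf(["-y", "mcp-remote@PINNED_VERSION",
  "http://mcp.safeguard.sh.example/mcp?key=CONSTRUCTED-KEY"], "CONSTRUCTED-KEY");
console.log(lintSafeguardEntry(PAGE_CONFIG), lintSafeguardEntry(BAD_CONFIG));
```

An empty array means the entry names the documented endpoint over HTTPS, uses a pinned bridge package, and carries a key only in env.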

Authentication

You need a Safeguard account first. If you don't have one, create it at https://app.safeguard.sh — sign-up takes a minute. The Safeguard MCP server supports two authentication methods:

  • OAuth 2.0 — when your assistant supports it, you sign in to Safeguard and click Approve to grant access. No keys to copy.
  • API key — recommended for the Copilot Studio MCP connector. Generate a key at https://app.safeguard.sh/settings/api-keys and supply it via the SAFEGUARD_API_KEY environment variable shown above.

Example prompts

List my security projects
Find critical vulnerabilities
Show me all SBOMs
Generate a remediation plan for my npm project
Which packages violate my license policy?

Endpoints

Endpoint             URL
MCP endpoint         https://mcp.safeguard.sh/mcp
API keys             https://app.safeguard.sh/settings/api-keys
Safeguard account    https://app.safeguard.sh
