Safeguard.sh Documentation Center
MCP Integrations

Cursor

Connect Safeguard's MCP server to the Cursor editor via its MCP settings.

Safeguard ships its own remote MCP (Model Context Protocol) server, so you can connect Cursor directly to your software supply chain security data and ask questions in plain language. The Cursor endpoint is https://mcp.safeguard.sh/mcp/cursor. Once connected, Cursor can query your vulnerabilities, SBOMs, packages, licenses, findings, and compliance data, generate AI remediation plans, compare SBOMs, manage SCM integrations, and enforce policy gates. The server exposes 190+ tools and also supports MCP resources and prompts.

What you can do

  • Query vulnerabilities, SBOMs, packages, licenses, findings, and compliance data across your tenant.
  • Generate AI-powered remediation plans for npm, pip, Maven, Go, and Cargo projects.
  • Compare SBOMs in both CycloneDX and SPDX formats.
  • Manage SCM integrations: GitHub, GitLab, Bitbucket, and Azure DevOps.
  • Run risk scoring and compliance reporting.
  • Enforce policy-gate checks for deployment readiness.

Connect

  1. Create your Safeguard account at https://app.safeguard.sh and generate an API key at https://app.safeguard.sh/settings/api-keys.
  2. In Cursor, open Settings, then MCP, then Add server.
  3. Add a server entry pointing at the endpoint https://mcp.safeguard.sh/mcp/cursor, using the mcp-remote bridge launched with npx.
  4. Supply your Safeguard API key via the SAFEGUARD_API_KEY environment variable.
  5. Reload Cursor — Safeguard's 190+ security tools are now available. Start asking questions.

Use this mcp-remote configuration block:

{
  "mcpServers": {
    "safeguard": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.safeguard.sh/mcp/cursor"],
      "env": { "SAFEGUARD_API_KEY": "<your-api-key>" }
    }
  }
}

Replace <your-api-key> with a key generated from https://app.safeguard.sh/settings/api-keys.

Authentication

You need a Safeguard account first. If you don't have one, create it at https://app.safeguard.sh — sign-up takes a minute. The Safeguard MCP server supports two authentication methods:

  • OAuth 2.0 — when your assistant supports it, you sign in to Safeguard and click Approve to grant access. No keys to copy.
  • API key — recommended for Cursor's MCP settings. Generate a key at https://app.safeguard.sh/settings/api-keys and supply it via the SAFEGUARD_API_KEY environment variable shown above.

Example prompts

List my security projects
Find critical vulnerabilities
Show me all SBOMs
Generate a remediation plan for my npm project
Which packages violate my license policy?

Endpoints

EndpointURL
Cursor MCP endpointhttps://mcp.safeguard.sh/mcp/cursor
API keyshttps://app.safeguard.sh/settings/api-keys
Safeguard accounthttps://app.safeguard.sh

Grok (xAI)

Connect Safeguard's MCP server to Grok by xAI using its MCP configuration.

Integrations

Every external system Safeguard connects to — source control, registries, clouds, identity, ticketing, notifications, SIEMs, and more.

On this page

What you can doConnectAuthenticationExample promptsEndpoints