Safeguard.sh Documentation Center
MCP Integrations

ChatGPT (OpenAI)

Connect Safeguard to ChatGPT with a Custom GPT Action, or via the OpenAI MCP endpoint.

Safeguard exposes a REST/OpenAPI surface and an MCP (Model Context Protocol) server, so you can bring your software supply chain security data into ChatGPT by OpenAI. The recommended path is a Custom GPT Action that imports Safeguard's OpenAPI schema from https://mcp.safeguard.sh/openapi.json. Once connected, ChatGPT can query your vulnerabilities, SBOMs, packages, licenses, findings, and compliance data, generate AI remediation plans, compare SBOMs, manage SCM integrations, and enforce policy gates. The server exposes 190+ tools.

What you can do

  • Query vulnerabilities, SBOMs, packages, licenses, findings, and compliance data across your tenant.
  • Generate AI-powered remediation plans for npm, pip, Maven, Go, and Cargo projects.
  • Compare SBOMs in both CycloneDX and SPDX formats.
  • Manage SCM integrations: GitHub, GitLab, Bitbucket, and Azure DevOps.
  • Run risk scoring and compliance reporting.
  • Enforce policy-gate checks for deployment readiness.

Connect

  1. Create your Safeguard account at https://app.safeguard.sh and generate an API key at https://app.safeguard.sh/settings/api-keys.
  2. In ChatGPT, create a Custom GPT and open the Configure tab, then Actions, then Create new action.
  3. Choose Import from URL and enter the OpenAPI schema URL https://mcp.safeguard.sh/openapi.json.
  4. Under Authentication, select API Key with Auth Type Bearer, and paste your Safeguard API key.
  5. Save the GPT — Safeguard's 190+ security tools are now available. Start asking questions.
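Before importing the schema in step 3, it is worth reviewing what the Action will expose to the GPT. The following is an added example, not Safeguard's own code: it checks an OpenAPI document for HTTPS server URLs on the expected host and bearer auth on every operation, and separates read-only from state-changing operations. The sample schema, its paths and operationIds, and the function name audit_schema are constructed for illustration.

```python
from urllib.parse import urlparse

READ_ONLY = {"get", "head", "options"}
HTTP_METHODS = READ_ONLY | {"post", "put", "patch", "delete"}

# Constructed sample, not Safeguard's real schema; paths and operationIds are hypothetical.
SAMPLE_SCHEMA = {
    "openapi": "3.1.0",
    "servers": [{"url": "https://mcp.safeguard.sh"}],
    "security": [{"bearerAuth": []}],
    "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "paths": {
        "/projects": {"get": {"operationId": "listProjects"}},
        "/integrations": {"post": {"operationId": "createIntegration"}},
        "/health": {"get": {"operationId": "health", "security": []}},
    },
}

def audit_schema(schema, expected_host="mcp.safeguard.sh"):
    """Return (problems, read_ops, write_ops) for an OpenAPI 3 document."""
    problems = []
    servers = schema.get("servers", [])
    if not servers:
        problems.append("no servers declared")
    for server in servers:
        url = urlparse(server.get("url", ""))
        if url.scheme != "https" or url.hostname != expected_host:
            problems.append(f"unexpected server: {server.get('url')}")
    schemes = schema.get("components", {}).get("securitySchemes", {})
    bearer = {name for name, s in schemes.items()
              if s.get("type") == "http" and s.get("scheme", "").lower() == "bearer"}
    if not bearer:
        problems.append("no HTTP bearer security scheme declared")
    read_ops, write_ops = [], []
    for path, item in schema.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "summary" and other non-operation keys
            name = op.get("operationId", f"{method.upper()} {path}")
            (read_ops if method in READ_ONLY else write_ops).append(name)
            # Operation-level "security" overrides the global one; entries are alternatives,
            # so every alternative must include a bearer scheme.
            sec = op.get("security", schema.get("security", []))
            if not sec or any(not (bearer & set(req)) for req in sec):
                problems.append(f"{name}: callable without bearer auth")
    return problems, sorted(read_ops), sorted(write_ops)

if __name__ == "__main__":
    print(audit_schema(SAMPLE_SCHEMA))
```

To audit the real document, load the JSON fetched from https://mcp.safeguard.sh/openapi.json with json.load and pass it to audit_schema.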

If you use MCP-capable OpenAI tooling, you can instead point it at the MCP endpoint with the mcp-remote bridge:

{
  "mcpServers": {
    "safeguard": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.safeguard.sh/mcp/openai"],
      "env": { "SAFEGUARD_API_KEY": "<your-api-key>" }
    }
  }
}

Replace <your-api-key> with a key generated from https://app.safeguard.sh/settings/api-keys.

Authentication

You need a Safeguard account first. If you don't have one, create it at https://app.safeguard.sh — sign-up takes a minute. For ChatGPT, authentication uses a Bearer API key:

  • API key — generate a key at https://app.safeguard.sh/settings/api-keys and supply it as the Bearer token in the Custom GPT Action authentication settings, or via the SAFEGUARD_API_KEY environment variable for MCP tooling.

Example prompts

List my security projects
Find critical vulnerabilities
Show me all SBOMs
Generate a remediation plan for my npm project
Which packages violate my license policy?

Endpoints

Endpoint | URL
OpenAPI schema (Custom GPT Action) | https://mcp.safeguard.sh/openapi.json
MCP endpoint (OpenAI) | https://mcp.safeguard.sh/mcp/openai
API keys | https://app.safeguard.sh/settings/api-keys
Safeguard account | https://app.safeguard.sh
