Unified Findings & Feature Flags
Every security engine reports into one unified findings model, discriminated by type, with each engine independently admin-toggleable via server-enforced feature flags.
Unified Findings & Feature Flags
Safeguard's security engines don't each carry their own siloed inbox. Every engine reports into one unified findings model, and every engine is independently controllable through feature flags.
One model, discriminated by type
All engine findings share a single model discriminated by a type field, so you can view, filter, and correlate across engines in one place:
| Type | Source engine |
|---|---|
sast | Static analysis |
dast | Dynamic analysis |
redteam | Red Team — defensive adversary emulation |
aisec | AI-SPM — model-artifact scanning |
dspm | DSPM — sensitive-data classification |
runtime | Runtime Protection — CWPP/CNAPP |
sca | Software composition analysis |
Because findings share the model, they share correlation keys. A DAST-confirmed runtime issue can be linked to the SAST source-code sink that produced it and to the CNAPP correlation showing it's running, reachable, and exposed — so a confirmed, reachable, exploitable finding is prioritized together, across engines.
Every finding is tenant/org-scoped end to end (X-Tenant-Id, X-Org-Id, X-Descendant-Org-Ids).
Feature flags
Each engine is admin-toggleable via a feature flag. Two things matter here:
- Server-side enforcement. Flags are enforced on the server — a disabled engine is genuinely off, not merely hidden in the UI. Disabling an engine stops it from running and from returning data, not just from being displayed.
- Independent control. You can enable AppSec (SAST/DAST) without enabling Red Team, run DSPM without Runtime, and so on — each engine is its own switch.
Querying
Filter the unified view by engine type and the usual finding attributes:
safeguard findings list --engine sast --severity high
safeguard findings list --engine dast --status open
safeguard findings list --engine redteam
safeguard findings list --engine dspmRelated
- Application Security Testing (SAST & DAST)
- Red Team
- AI-SPM · DSPM · Runtime Protection
- Package Firewall · AutoTriage
- Guardrails & Enforcement — using findings as policy gates.
AutoTriage
Cross-scanner deduplication and noise reduction that cuts finding volume with a measured reduction metric — and never suppresses malware or secrets findings.
Endpoint Security (EDR/EPP)
Roadmap — a lightweight cross-OS endpoint agent for EDR telemetry, behavioral detection, gated response, and (later) NGAV prevention, feeding the SecOps SIEM/XDR.