Web Application
The Safeguard web application — the primary interface for ESSCM, Portal, TPRM, and OSM in any modern browser.
The Safeguard web app at app.safeguard.sh is the primary interface to every product. It runs in any modern browser and requires no installation.
URL and Access
| Environment | URL |
|---|---|
| Production (US) | https://app.safeguard.sh |
| Production (EU) | https://eu.app.safeguard.sh |
| Government (FedRAMP HIGH) | https://gov.app.safeguard.sh (authorized users only) |
| Documentation | https://docs.safeguard.sh |
| Status | https://status.safeguard.sh |
Single sign-on: SAML 2.0 and OIDC supported for Enterprise tenants. Configure under Settings → Organization → Identity Providers.
What's in the Web App
Every product is a section of the same app:
- ESSCM — SBOM generation, vulnerabilities, policies, attestation, code quality, findings, auto-fix.
- Portal — centralized SBOM management and secure sharing with third parties.
- TPRM — vendor inventory, questionnaires, SBOM-backed vendor assessment.
- OSM — open source intelligence, Gold registry, package security.
A global search bar (/ shortcut) runs queries across all products using the asset graph (see Asset Discovery).
Supported Browsers
| Browser | Minimum version | Notes |
|---|---|---|
| Chrome / Chromium | 120+ | Recommended. Receives feature updates first. |
| Edge | 120+ | Full parity with Chrome. |
| Firefox | 125+ | Full parity except experimental WebGPU dashboards. |
| Safari | 17.4+ | Full parity on macOS 13+ and iOS 17+. |
The app is a Progressive Web App (PWA). On desktop, install it via the browser's "Install app" prompt for a standalone window and faster launch.
Mobile Web
The app is responsive for tablets and phones. Mobile coverage is focused on review and notification workflows:
- Reviewing and approving Griffin-proposed remediations.
- Acknowledging alerts.
- Reading findings and advisories.
- Approving exceptions.
Heavy operations (writing workflows, editing policies, deep SBOM inspection) are best done on desktop.
Authentication
- Email + passkey (default).
- TOTP or hardware security keys (WebAuthn) for high-assurance.
- SSO (SAML / OIDC) for Enterprise.
- Break-glass local accounts for emergency access, disabled by default.
Sessions expire after 8 hours (idle) or 24 hours (absolute) by default; Enterprise tenants can tighten these.
Real-Time Updates
The web app uses WebSocket and Server-Sent Events for live updates:
- New vulnerabilities appear without a reload.
- Griffin remediation progress streams as the model works.
- Workflow runs show step state in real time.
Performance
- Initial bundle size ~180 KB gzipped for the shell; product modules lazy-load.
- P95 time-to-interactive under 2.5 seconds on a 4G connection.
- Pages cached via stale-while-revalidate; re-authentication is automatic on token rotation.
Offline
The web app is not designed for offline use. For offline and air-gapped workflows, use the Desktop Application.
Keyboard Shortcuts
| Shortcut | Action |
|---|---|
| / | Focus global search |
| g h | Go to home |
| g v | Go to vulnerabilities |
| g p | Go to policies |
| g w | Go to workflows |
| c | Create (context-aware: new policy, new workflow, new project) |
| ? | Show all shortcuts |
Accessibility
- WCAG 2.2 AA conformance.
- Full keyboard navigation.
- High-contrast and reduced-motion themes.
- Screen reader support for all data tables.
Data Residency
- US tenancy — data stored in us-east-1 and us-west-2.
- EU tenancy — data stored in eu-west-1 and eu-central-1.
- Government tenancy — data stored in AWS GovCloud or Azure Government.
Tenancy is chosen at signup and cannot be changed without a data-migration engagement.
Related
- Desktop Application — native app for local projects and offline.
- MCP Server — use the same capabilities from Claude or ChatGPT.
- API Reference — programmatic access.
- CLI — command-line access.