Software Security Monitoring

Know Your Vulnerabilities Before Adversaries Do

AI-powered application security platform. From supply chain analysis and deep code audits to custom Semgrep rules and executive reports — with an MCP server that lets your AI assistant manage it all.

33 MCP Tools
4 AI Agents
200K+ CVEs Tracked
18+ Ecosystems
15+ SAST Tools

Security Chaos Across Your Stack

Managing security across multiple enterprise projects can be overwhelming

Scattered Alerts

Dependabot alerts drowning each repo. No central view of what actually matters.

Manual Tracking

Maintaining spreadsheets of versions is tedious and always outdated.

Slow Response

When a critical CVE drops, you need answers in minutes, not hours.

Security Intelligence, Automated

Four specialized AI agents work in concert to analyze, assess, and protect your codebase

AI Security Audit

Deep 3-phase code analysis finds logic flaws, race conditions, and design issues that traditional SAST tools miss entirely.

Reconnaissance, Analysis, Logic Review

Vulnerability Assessment

AI reviews every finding for real-world exploitability. Assigns relevance scores, detects false positives, and generates proof-of-concept exploits.

True Positives, False Positives, 0.0 - 1.0 Score

Custom Semgrep Rules

A 4-agent pipeline analyzes your codebase and generates targeted security rules. Per-project customization catches what generic rulesets miss.

Analyze, Implement, Verify, Fix

Executive Reports

Generate org-wide and per-project security reports with AI-written executive summaries, risk assessments, and prioritized remediation guidance.

PDF, Markdown, Email Delivery

Your AI Assistant Speaks Guardian

A full Model Context Protocol server lets Claude Code, Cursor, Windsurf, and other AI tools directly query and manage your security posture

AI Assistant
MCP Protocol
Guardian
16 Query Tools: Explore vulnerabilities, dependencies, findings, alerts
6 Analysis Tools: PoC generation, compliance checks, security reports
11 Action Tools: Create fix PRs, trigger scans, manage incidents
Claude Code
$ Are we affected by CVE-2024-3094?
guardian.search_cve
> Found in 2 projects: api-gateway (xz-utils 5.6.0), infra-tools (xz 5.6.1). Both versions are in the affected range. Critical severity - CVSS 10.0.
$ Create fix PRs for both
guardian.create_dependency_fix_pr
> Created PR #847 for api-gateway and PR #312 for infra-tools. Both upgrade to xz-utils 5.6.2.
Works with: Claude Code, Cursor, Windsurf, Any MCP Client

Complete Security Visibility

Everything you need to secure your software supply chain, in one platform

01

Multi-VCS Integration

Connect GitHub, GitLab, Bitbucket, Azure DevOps, Gitea, or SVN repositories. We automatically discover all dependency files and track versions in real-time.

02

Dependency Discovery

18+ ecosystems supported: Go, Node.js, Python, Rust, Java, Ruby, PHP, .NET, Docker, Kubernetes, Helm, Terraform, and more.

03

Multi-Source Vulnerability Intelligence

Aggregated data from three open-source vulnerability databases: GitHub Advisory Database (GHSA) and Google OSV for package vulnerabilities, plus NVD for enriched CVE details with CVSS scoring and CPE matching.

04

Instant Alerts

Get notified immediately when a new vulnerability affects any of your tracked versions. Email, Slack, or webhooks.

05

SBOM Generation

Export CycloneDX and SPDX 2.3 compliant SBOMs for compliance. One click per project, always up-to-date.

06

SAST Scanning

Static Application Security Testing with 15+ tools. Find vulnerabilities in source code with CWE-based deduplication.

07

GitHub App Integration

Install the Guardian GitHub App for fine-grained, tokenless repository access. Automatic webhook-driven scans on every push and pull request. OAuth installation flow with zero PAT management.

08

AI Security Audit

A 3-phase AI agent explores your codebase to find logic flaws, race conditions, TOCTOU bugs, and insecure design patterns that static analysis cannot detect.

09

AI Vulnerability Assessment

Every finding is reviewed for real-world exploitability with a 0.0-1.0 relevance score. False positives are identified automatically. Proof-of-concept generation validates true threats.

10

Custom Semgrep Rules

A 4-agent AI pipeline generates project-specific security rules targeting your exact tech stack. Org-level and per-project rule hierarchies with granular control.

11

Executive Security Reports

AI-generated org-wide and per-project reports with executive summaries, risk assessments, top risks, and prioritized recommendations. Export as PDF or Markdown.

12

MCP Server

33 tools across query, analysis, and action categories. Let Claude Code, Cursor, or any MCP-compatible AI assistant directly manage your security posture.

13

Asset Monitoring

Monitor your attack surface with passive DNS-based subdomain discovery. Automatically discover live domains and subdomains, track IP addresses, and get visibility into your external-facing assets across all projects.

14

License Tracking

Automatically detect licenses in all your dependencies. Get alerts when forbidden licenses like GPL or AGPL are found. Ensure compliance across all projects.

15

Central Dashboard

See all projects, all vulnerabilities, all dependencies in one place. Filter by severity, ecosystem, or project.

Connect Any Repository

Seamlessly integrate with all major version control systems and hosting platforms

GitLab

GitLab.com and self-hosted GitLab instances with custom URL configuration

Self-Hosted Support, Personal Access Token

Bitbucket

Bitbucket Cloud integration with workspace and repository access

App Password Auth, Workspace Access

Azure DevOps

Azure Repos integration with organization and project support

Personal Access Token, Organization Repos

Gitea

Gitea and Forgejo self-hosted instances with configurable base URL

Self-Hosted, Lightweight

SVN

Apache Subversion support with full checkout capabilities for legacy systems

Legacy Support, Full Checkout

Supported Ecosystems

Comprehensive coverage across languages, package managers, and infrastructure-as-code

Languages & Package Managers

Go: go.mod
Node.js: npm, yarn, pnpm
Python: requirements.txt, pyproject.toml
Rust: Cargo.toml
Java: pom.xml, build.gradle
Ruby: Gemfile
PHP: composer.json
.NET: *.csproj, packages.config

Containers & Infrastructure

Docker: Dockerfile
Kubernetes: deployment.yaml
Helm: Chart.yaml, values.yaml
Terraform: .tf, .terraform.lock.hcl
OpenTofu: *.tofu
Pulumi: Pulumi.yaml
CloudFormation: template.yaml
Ansible: requirements.yml

Development Tools

Makefile: Makefile, *.mk
Mise: .mise.toml, .tool-versions

Answer Questions Instantly

Questions that used to take hours now take seconds

$ Is any of our projects vulnerable to CVE-2024-XXXX?
> Search by CVE ID and see all affected projects in one view.
$ What version of lodash are we using in Project X?
> Complete dependency inventory per project with exact versions.
$ Which projects share the same vulnerable dependency?
> Cross-project analysis shows shared dependencies and vulnerabilities.
$ Do we have any critical vulnerabilities we need to fix today?
> Filter by severity. See critical issues first, with fix recommendations.
$ Are any of our projects using GPL-licensed dependencies?
> License tracking shows all dependency licenses. Get alerts for forbidden licenses.
$ Which SAST findings are actually exploitable vs false positives?
> AI reviews each finding for real-world exploitability. Prioritize true positives automatically.
$ What subdomains and hosts are exposed for our production domain?
> Passive DNS discovery finds all subdomains. Live domain probing shows active assets.
AI
$ Generate an executive security report for the board meeting
> AI generates org-wide report with exec summary, risk assessment, top risks by project, and prioritized recommendations. Export as PDF.
AI
$ What custom security rules should we have for our Go API service?
> AI analyzes your codebase, generates 5 targeted Semgrep rules for auth middleware, SQL injection in raw queries, and missing rate limiting.
MCP
$ Ask Claude Code: "Check if any project uses a vulnerable version of openssl"
> Claude calls guardian.search_dependencies, finds 3 projects with openssl < 3.1.4, then calls guardian.create_dependency_fix_pr to patch them.
AI Audit
$ Run a deep security audit on our payments service
> AI agent explores the codebase in 3 phases, finds a TOCTOU race condition in balance checks and an auth bypass in the webhook handler. High confidence.

Start Monitoring Your Assets

Connect your first project in under 5 minutes. No credit card required.