Powerful Features for Complete Visibility

Everything you need to monitor your software supply chain

GitHub Integration

Connect Your Repositories

Install the Guardian GitHub App or use a Personal Access Token to connect your repositories. We automatically detect and analyze all dependency manifest files.

  • GitHub App or PAT authentication
  • Automatic webhook updates on push
  • Organization-wide or per-repo access
  • Branch-specific tracking

Dependency Discovery

Multi-Ecosystem Support

Parse dependency files from all major package ecosystems. We extract exact versions from lock files when available for precise vulnerability matching.

  • go.mod / go.sum - Go modules
  • package.json / yarn.lock / pnpm-lock.yaml - Node.js (npm, yarn, pnpm)
  • requirements.txt / Pipfile.lock - Python
  • Cargo.toml / Cargo.lock - Rust
  • pom.xml / build.gradle - Java
  • Dockerfile / docker-compose.yml - Container images & packages
  • Makefile / .mise.toml - Tool versions

Vulnerability Database

NVD Integration

Continuously synced with the National Vulnerability Database. Over 200,000 CVEs indexed and searchable. Match dependencies against known vulnerabilities automatically.

  • Daily NVD synchronization
  • CVSS v3 scoring
  • CPE matching for accurate results
  • Version range analysis

Alerting

Instant Notifications

Get notified the moment a new vulnerability affects your tracked versions. Configure alert rules by severity, ecosystem, or project.

  • Email notifications
  • Slack webhooks
  • Configurable severity thresholds
  • Project-specific rules

New Vulnerability Alert: CVE-2024-1234 affects express@4.17.1 (Severity: High)

Compliance

SBOM Generation

Generate Software Bill of Materials in industry-standard formats. Perfect for compliance requirements and supply chain transparency.

  • CycloneDX 1.4+ JSON/XML
  • SPDX support (coming soon)
  • One-click export
  • API-accessible

Code Security

SAST Scanning

Static Application Security Testing with 15+ integrated security scanners. Find vulnerabilities in your source code before they reach production. Automatic deduplication by CWE and location.

  • gosec, semgrep, bandit, bearer, grype, checkov
  • detect-secrets, CodeQL, npm audit
  • CWE and CVE correlation
  • Parallel scanning with configurable concurrency
  • Smart deduplication across tools