Powerful Features for Complete Visibility
Everything you need to monitor your software supply chain
Connect Your Repositories
Install the Guardian GitHub App or use a Personal Access Token to connect your repositories. We automatically detect and analyze all dependency manifest files.
- GitHub App or PAT authentication
- Automatic webhook updates on push
- Organization-wide or per-repo access
- Branch-specific tracking
Multi-Ecosystem Support
Parse dependency files from all major package ecosystems. We extract exact versions from lock files when available for precise vulnerability matching.
- go.mod/go.sum - Go modules
- package.json/yarn.lock/pnpm-lock.yaml - Node.js (npm, yarn, pnpm)
- requirements.txt/Pipfile.lock - Python
- Cargo.toml/Cargo.lock - Rust
- pom.xml/build.gradle - Java
- Dockerfile/docker-compose.yml - Container images & packages
- Makefile/.mise.toml - Tool versions
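The point of preferring lock files is that a manifest says "express ^4.17.0" while the lock file says exactly which version was installed, and only the exact version can be matched against an advisory. The following is an added illustration, not Guardian's parser: it pulls exact versions out of three of the formats listed above (yarn.lock v1, go.sum and requirements.txt) using small constructed inputs, and deliberately skips entries that are not pinned. The inputs, the sample package names and the hashes are constructed; the other lock formats follow the same idea.

```python
"""Extract exact pinned versions from lock files (added example, not Guardian's code)."""
import re

# Constructed sample inputs in the shape the real files take; hashes and URLs are placeholders.
YARN_LOCK = """\
# yarn lockfile v1

express@^4.17.0, express@^4.17.1:
  version "4.17.1"
  resolved "https://registry.example/express-4.17.1.tgz"

"@types/node@^20.0.0":
  version "20.10.0"
"""

GO_SUM = """\
github.com/gorilla/mux v1.8.0 h1:constructedhash=
github.com/gorilla/mux v1.8.0/go.mod h1:constructedhash=
golang.org/x/crypto v0.17.0 h1:constructedhash=
"""

REQUIREMENTS_TXT = """\
# comments and options are skipped
-r base.txt
requests==2.31.0
flask>=2.0   # not pinned: no exact version, so it is skipped
Django==4.2.7 ; python_version >= "3.8"
"""


def parse_yarn_lock(text):
    """yarn.lock v1: a header line of 'name@range' specifiers, then an indented 'version "x"' line."""
    out, current = [], None
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        if not line.startswith(" ") and line.rstrip().endswith(":"):
            first = line.rstrip()[:-1].split(",")[0].strip().strip('"')
            current = first.rsplit("@", 1)[0]   # scoped names start with '@', so split on the last one
        elif current and line.strip().startswith("version "):
            version = line.strip().split(" ", 1)[1].strip('"')
            out.append(("npm", current, version))
            current = None
    return out


def parse_go_sum(text):
    """go.sum: 'module version hash'; the '/go.mod' lines repeat the same module and version."""
    out = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].endswith("/go.mod"):
            continue
        out.add(("go", parts[0], parts[1].lstrip("v")))
    return sorted(out)


# Only '==' pins give an exact version; ranges, includes and comments are ignored.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def parse_requirements(text):
    out = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if m:
            out.append(("pypi", m.group(1).lower(), m.group(2)))
    return out


def exact_versions():
    """All (ecosystem, name, version) triples found in the constructed inputs."""
    return parse_yarn_lock(YARN_LOCK) + parse_go_sum(GO_SUM) + parse_requirements(REQUIREMENTS_TXT)


if __name__ == "__main__":
    for eco, name, ver in exact_versions():
        print(f"{eco}\t{name}\t{ver}")
```

Note that the Go version is stored without its leading "v" so it can be compared with advisory data, which usually omits it, and that "flask>=2.0" yields nothing: a range cannot be matched against an advisory without guessing.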
Multi-Source Vulnerability Database
Aggregated vulnerability data from three trusted open-source databases. Package-level vulnerabilities from GitHub Advisory Database (GHSA) and Google OSV, enriched with detailed CVE information from NIST NVD.
- GitHub Advisory Database (GHSA) - Curated security advisories for open-source packages
- Google OSV - Distributed vulnerability database for open-source ecosystems
- NVD - CVSS v3 scoring, CPE matching, and detailed vulnerability context
- Automatic version range analysis and affected package detection
- Daily synchronization across all sources
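Version range analysis means taking an advisory's "affected" data and deciding whether a pinned version falls inside it. The example below is added here and is not Guardian's matching code: it walks an OSV-style affected entry (ordered introduced/fixed events plus an optional enumerated version list) and checks an exact version against it. The advisory record is constructed, its id is a placeholder rather than a real advisory, and the version comparison is a simplified semver that treats a prerelease as lower than its release.

```python
"""Match an installed version against OSV-style affected ranges (added example, not Guardian's or OSV's code)."""
import re

# Constructed advisory in the OSV schema shape. The id is a placeholder, not a real advisory.
ADVISORY = {
    "id": "EXAMPLE-0000-placeholder",
    "affected": [
        {
            "package": {"ecosystem": "npm", "name": "express"},
            "ranges": [
                {"type": "SEMVER",
                 "events": [{"introduced": "0"}, {"fixed": "4.17.3"},
                            {"introduced": "5.0.0-alpha.1"}, {"fixed": "5.0.0-beta.1"}]},
            ],
        },
        {
            "package": {"ecosystem": "PyPI", "name": "requests"},
            "versions": ["2.30.0", "2.31.0"],   # enumerated exact versions instead of a range
        },
    ],
}


def version_key(v):
    """Sortable key: (numeric core, 1 for release / 0 for prerelease, prerelease identifiers)."""
    core, _, pre = v.partition("-")
    nums = [int(x) for x in re.findall(r"\d+", core)]
    nums += [0] * (3 - len(nums))
    if not pre:
        return (tuple(nums), 1, ())
    idents = tuple((0, int(p)) if p.isdigit() else (1, p) for p in pre.split("."))
    return (tuple(nums), 0, idents)


def in_range(version, rng):
    """Walk the ordered events: each 'introduced' opens an interval, 'fixed'/'last_affected' closes it."""
    v = version_key(version)
    start = None
    for ev in rng["events"]:
        if "introduced" in ev:
            start = version_key(ev["introduced"])
        elif "fixed" in ev:
            if start is not None and start <= v < version_key(ev["fixed"]):
                return True
            start = None
        elif "last_affected" in ev:
            if start is not None and start <= v <= version_key(ev["last_affected"]):
                return True
            start = None
    # an interval that was never closed means "introduced and not fixed yet"
    return start is not None and start <= v


def is_affected(advisory, ecosystem, name, version):
    """True if the advisory lists this exact package version as affected."""
    for entry in advisory["affected"]:
        pkg = entry.get("package", {})
        if pkg.get("ecosystem", "").lower() != ecosystem.lower() or pkg.get("name") != name:
            continue
        if version in entry.get("versions", []):
            return True
        ranges = [r for r in entry.get("ranges", []) if r.get("type") in ("SEMVER", "ECOSYSTEM")]
        if any(in_range(version, r) for r in ranges):
            return True
    return False


if __name__ == "__main__":
    for ver in ("4.17.1", "4.17.3", "5.0.0-alpha.5", "5.0.0"):
        print("express", ver, "affected" if is_affected(ADVISORY, "npm", "express", ver) else "ok")
```

The second interval shows why event order matters: 5.0.0-alpha.5 sits between the two prerelease bounds and is flagged, while the 5.0.0 release sorts above 5.0.0-beta.1 and is not.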
Instant Notifications
Get notified the moment a new vulnerability affects your tracked versions. Configure alert rules by severity, ecosystem, or project.
- Email notifications
- Slack webhooks
- Configurable severity thresholds
- Project-specific rules
SBOM Generation
Generate Software Bill of Materials in industry-standard formats. Perfect for compliance requirements and supply chain transparency.
- CycloneDX 1.4+ JSON/XML
- SPDX 2.3 JSON format
- One-click export
- API-accessible
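To show what a CycloneDX 1.4 JSON document actually contains, here is an added example of building one from resolved dependencies; it is not Guardian's exporter. It emits the required top-level fields, a metadata component for the project, and one "library" component per dependency with a package URL (purl), encoding npm scopes and Go "v" prefixes the way the purl specification expects. The dependency list, project name, serial number and timestamp are constructed.

```python
"""Emit a minimal CycloneDX 1.4 JSON SBOM from resolved dependencies (added example, not Guardian's exporter)."""
import json
import uuid
from datetime import datetime, timezone
from urllib.parse import quote

# purl type name per ecosystem (package-url spec); Go purls keep the 'v' prefix on the version
PURL_TYPE = {"npm": "npm", "go": "golang", "pypi": "pypi", "cargo": "cargo", "maven": "maven"}

# Constructed dependency list: (ecosystem, name, exact version)
DEPS = [
    ("npm", "express", "4.17.1"),
    ("npm", "@types/node", "20.10.0"),
    ("go", "github.com/gorilla/mux", "1.8.0"),
    ("pypi", "requests", "2.31.0"),
]


def make_purl(ecosystem, name, version):
    ptype = PURL_TYPE[ecosystem]
    if ecosystem == "npm" and name.startswith("@"):
        scope, _, bare = name.partition("/")
        name = f"{quote(scope, safe='')}/{bare}"   # the '@' in a scope is percent-encoded
    elif ecosystem == "go" and not version.startswith("v"):
        version = "v" + version
    return f"pkg:{ptype}/{name}@{version}"


def build_cyclonedx(project_name, project_version, deps, serial=None, timestamp=None):
    """Return a CycloneDX 1.4 document as a dict; bom-ref values are the purls, which are unique per component."""
    components = []
    for eco, name, ver in deps:
        purl = make_purl(eco, name, ver)
        components.append({"type": "library", "bom-ref": purl, "name": name, "version": ver, "purl": purl})
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": serial or f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": timestamp or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "component": {"type": "application", "name": project_name, "version": project_version},
        },
        "components": components,
    }


def bom_refs_unique(bom):
    """CycloneDX requires every bom-ref to be unique within the document."""
    refs = [c["bom-ref"] for c in bom["components"]]
    return len(refs) == len(set(refs))


if __name__ == "__main__":
    bom = build_cyclonedx("sample-app", "1.2.3", DEPS)
    print(json.dumps(bom, indent=2))
```

Passing a fixed serial number and timestamp (as the test does) makes the output reproducible, which is what you want when an SBOM is regenerated in CI and compared against the previous one.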
SAST Scanning
Static Application Security Testing with 15+ integrated security scanners. Find vulnerabilities in your source code before they reach production. Automatic deduplication by CWE and location.
- gosec, semgrep, bandit, bearer, grype, trivy
- checkov, kubesec, kube-score, detect-secrets
- npm audit, cve-bin-tool (12 tools total)
- CWE and CVE correlation
- Parallel scanning with smart deduplication
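Deduplication by CWE and location is what keeps five scanners from producing five copies of the same finding. The example below is added to illustrate that step and is not Guardian's implementation: findings already normalised to a common shape are keyed on (CWE, normalised file path, line), merged so that each key keeps the union of reporting tools and the highest severity any of them assigned, while the same line flagged under a different CWE stays a separate finding. The findings are constructed; real scanner output has to be normalised per tool first.

```python
"""Deduplicate SAST findings from several scanners by CWE and location (added example, not Guardian's code)."""
import posixpath

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Constructed findings already mapped to one shape; paths and CWE ids vary in case and form across tools.
FINDINGS = [
    {"tool": "semgrep", "cwe": "CWE-89", "file": "./src/db.py", "line": 42,
     "severity": "high", "message": "SQL query built with string formatting"},
    {"tool": "bandit", "cwe": "CWE-89", "file": "src/db.py", "line": "42",
     "severity": "medium", "message": "Possible SQL injection vector"},
    {"tool": "bandit", "cwe": "CWE-78", "file": "src/db.py", "line": 42,
     "severity": "high", "message": "subprocess call with shell=True"},
    {"tool": "gosec", "cwe": "CWE-338", "file": "pkg/token/gen.go", "line": 17,
     "severity": "medium", "message": "Use of weak random number generator"},
    {"tool": "semgrep", "cwe": "cwe-338", "file": "./pkg/token/gen.go", "line": 17,
     "severity": "low", "message": "math/rand used to generate a token"},
]


def normalise_path(path):
    """Collapse './', '..' and backslashes so the same file keys identically across tools."""
    return posixpath.normpath(path.replace("\\", "/"))


def finding_key(finding):
    return (finding["cwe"].upper(), normalise_path(finding["file"]), int(finding["line"]))


def deduplicate(findings):
    """Merge findings that share CWE, file and line; keep every tool's message and the highest severity."""
    merged = {}
    for f in findings:
        key = finding_key(f)
        if key not in merged:
            merged[key] = {"cwe": key[0], "file": key[1], "line": key[2],
                           "severity": f["severity"], "tools": [f["tool"]], "messages": [f["message"]]}
            continue
        m = merged[key]
        if f["tool"] not in m["tools"]:
            m["tools"].append(f["tool"])
        m["messages"].append(f["message"])
        if SEVERITY_RANK.get(f["severity"], 0) > SEVERITY_RANK.get(m["severity"], 0):
            m["severity"] = f["severity"]
    return list(merged.values())


def by_cwe(findings, cwe):
    """Helper for inspection: the merged finding(s) carrying a given CWE id."""
    return [f for f in findings if f["cwe"] == cwe.upper()]


if __name__ == "__main__":
    for f in deduplicate(FINDINGS):
        print(f"{f['severity']:8} {f['cwe']:8} {f['file']}:{f['line']}  reported by {', '.join(f['tools'])}")
```

A finding confirmed by more than one scanner is a useful triage signal in its own right, which is why the merged record keeps the list of tools rather than just a count.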
Intelligent Security Analysis
Leverage AI to cut through the noise. Automatically review findings for real-world exploitability, generate executive security reports, and create project-specific security rules.
- Finding Review - AI analyzes SAST findings to identify false positives vs true vulnerabilities
- CVE Impact Assessment - Evaluate real-world exploitability based on attack vectors and context
- Security Report Generation - Create comprehensive incident and scan reports with remediation guidance
- Impact Summaries - Executive-level summaries explaining security posture in plain language
- Custom Semgrep Rules - AI generates project-specific security rules based on codebase analysis
Asset Monitoring
Monitor your external attack surface with passive DNS-based discovery. Automatically find subdomains, track live domains, and maintain visibility into all your internet-facing assets.
- Passive DNS Discovery - Find subdomains without active scanning using historical DNS data
- Live Domain Probing - Automatically check which discovered domains are active and responding
- IP Resolution - Resolve and track IP addresses for live domains
- Host Tracking - Maintain an inventory of all hosts associated with your projects
- Continuous Monitoring - Scheduled discovery and probing keeps your asset inventory current
Incident Management
Track and manage security incidents from detection to resolution. Link vulnerabilities to incidents, maintain timelines, and coordinate response efforts across your team.
- Incident Lifecycle - Track incidents through open, investigating, mitigating, resolved, and closed states
- Alert Linking - Connect vulnerability alerts to incidents for full context
- Timeline Tracking - Maintain a detailed timeline of all incident actions and updates
- Assignment & Ownership - Assign incidents to team members for clear accountability
- AI-Enhanced Reports - Generate comprehensive incident reports with remediation guidance
Teams & Organizations
Manage access and collaboration at scale with multi-tenant organizations, team-based permissions, and role-based access control.
- Multi-Tenancy - Isolated organizations with separate projects, users, and settings
- Team Management - Organize users into teams with leads and members
- Role-Based Access - Admin, member, and viewer roles with granular permissions
- Project Access Control - Control which teams can access specific projects
- SSO Integration - Sign in with Google or GitHub for seamless authentication
PDF Report Export
Generate professional, styled PDF reports for stakeholders and compliance. Reports match the Guardian dark theme and include all relevant security details.
- Incident Reports - Comprehensive incident documentation with timelines
- Scan Reports - Project security posture with finding breakdowns
- Styled Output - Professional dark-themed PDFs matching the webapp
- Markdown Support - Rich formatting with code blocks and syntax highlighting
- One-Click Export - Generate and download reports instantly