One scanner. Every system of record.
Forward HarborGuard's container vulnerability findings into the tools your security, compliance, and engineering teams already use — on a continuous schedule, with credentials encrypted at rest and zero per-scan plumbing.

Vanta
GitHub Code Scanning
Slack
PagerDuty
Jira
Datadog
Snyk
Sentry
Opsgenie
GitLab
Drata
Secureframe
Shipped and syncing.
Two integrations are live in production today. Both run on the same continuous state-of-world replace pattern, so the operational shape — credentials, audit events, failure handling — is identical across providers.
Compliance evidence, continuously synced
Vanta

Push HarborGuard's open vulnerability findings into a Vanta Private API source. State-of-world replace on a continuous schedule — remediated findings disappear automatically, no manual reconciliation.
- Private API token + integration/source ID
- Continuous sweep, state-of-world replace per source
- Failures fire sync-failed notifications through your configured channels
- Pause without disconnecting (Enabled toggle)
Findings inside the GitHub Security tab
GitHub Code Scanning
Upload per-image SARIF analyses to a repository's Security → Code scanning tab. Each image gets its own SARIF category, so multiple images can share a repo without overwriting each other.
- Classic PAT, fine-grained PAT, or GitHub App token
- GitHub Enterprise Server supported (https only)
- Up to 100 image → (repo, ref) mappings per org
- Orphan cleanup closes alerts when mappings are removed
Every integration, the same shape.
Pull, not push
A single sync worker walks every org on a continuous schedule and uploads the complete current state. No per-scan webhooks to wire up; a missed run self-heals on the next sweep.
State-of-world replace
Each sync uploads the full set of findings scoped to the integration. Anything no longer present is removed on the target side — there's no append/delete drift to reconcile.
Credentials encrypted at rest
Tokens are AES-256-GCM envelope-encrypted before they touch Postgres and are never returned to the browser. The settings UI only ever shows the last four characters.
Pluggable framework
Each provider is a small, self-contained adapter: an HTTP client, a validation schema, a set of mappers, and a config card. New providers ship in the same shape, so behavior — credentials, audit events, failure handling — is identical across vendors.
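The sweep and state-of-world replace behavior described above, as an added example that is not HarborGuard's own code: it contrasts an append/delete sync that loses a "close" event with a scoped full replace that converges on the next run. The Target class, function names, and finding tuples are constructed for illustration, and aborting on a failed source read is an assumption.

```python
# Added illustration; names and data are constructed, not HarborGuard's API.
from dataclasses import dataclass, field

@dataclass
class Target:
    """Stand-in for a destination system's finding store (hypothetical)."""
    findings: set = field(default_factory=set)

def delta_sync(target, events):
    """Append/delete model: apply per-scan events; a dropped event is never replayed."""
    for op, finding in events:
        if op == "open":
            target.findings.add(finding)
        elif op == "close":
            target.findings.discard(finding)

def replace_sync(target, source_open, scope):
    """State-of-world replace within scope; returns (added, removed) for audit logs."""
    if source_open is None:  # assumption: a failed read must not look like "no findings"
        raise RuntimeError("source read failed; target left unchanged")
    desired = {f for f in source_open if f[0] in scope}
    in_scope = {f for f in target.findings if f[0] in scope}
    added, removed = desired - in_scope, in_scope - desired
    target.findings = (target.findings - removed) | added
    return added, removed

def demo():
    # Constructed findings: (image, CVE placeholder)
    a = ("api:1.4", "CVE-PLACEHOLDER-1")
    b = ("api:1.4", "CVE-PLACEHOLDER-2")
    other = ("billing:2.0", "CVE-PLACEHOLDER-3")  # owned by a different source
    source_open = {b}  # 'a' was remediated at the source

    drifted = Target({a, b, other})
    delta_sync(drifted, [])  # the "close a" event was lost: nothing to apply
    stale_after_delta = a in drifted.findings

    swept = Target({a, b, other})
    added, removed = replace_sync(swept, source_open, scope={"api:1.4"})
    second = replace_sync(swept, source_open, scope={"api:1.4"})  # idempotent rerun
    return stale_after_delta, swept.findings, removed, second
```

Scoping the replace to the integration's own images is what keeps one source from deleting findings that another source owns.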
What we're building next.
The integrations framework is pluggable — each provider is a small, self-contained adapter. These are queued up next. If one is blocking your team, let your account contact know and we'll prioritize.
Slack
Native channel-aware alerting beyond webhooks
PagerDuty
Service-aware incidents with auto-resolve
Jira
Per-finding tickets with SLA fields
Datadog
Vulnerability metrics + dashboards
Snyk
Cross-import for app-layer projects
Sentry
Release health correlated with CVEs
AWS
Security Hub finding ingest
Azure
Defender for Cloud sync
Google Cloud
Security Command Center sync
GitLab
Container scanning report uploads
Opsgenie
On-call routing for SLA breaches
Okta
SCIM + automated role provisioning
Drata
Push HarborGuard vulnerability + compliance evidence into Drata
Secureframe
Push HarborGuard vulnerability + compliance evidence into Secureframe
Connect an integration in under five minutes.
Generate a token in the destination tool, paste it into HarborGuard, hit save. The first sync runs within the next sweep — or trigger it on demand.