One scanner. Every system of record.
Forward HarborGuard's container vulnerability findings into the tools your security, compliance, and engineering teams already use — on a continuous schedule, with credentials encrypted at rest and zero per-scan plumbing.
Shipped and syncing.
Two integrations are live in production today. Both run on the same 15-minute state-of-world replace pattern, so the operational shape — credentials, audit events, failure handling — is identical across providers.
Compliance evidence, continuously synced
Vanta

Push HarborGuard's open vulnerability findings into a Vanta Private API source. State-of-world replace every 15 minutes — remediated findings disappear automatically, no manual reconciliation.
- Private API token + integration/source ID
- 15-minute sweep, state-of-world replace per source
- Failures fire integration_sync_failed notifications
- Pause without disconnecting (Enabled toggle)
Findings inside the GitHub Security tab
GitHub Code Scanning
Upload per-image SARIF analyses to a repository's Security → Code scanning tab. Each image gets its own SARIF category, so multiple images can share a repo without overwriting each other.
- Classic PAT, fine-grained PAT, or GitHub App token
- GitHub Enterprise Server supported (https only)
- Up to 100 image → (repo, ref) mappings per org
- Orphan cleanup closes alerts when mappings are removed
Every integration, the same shape.
Pull, not push
A single cron worker walks every org every 15 minutes and pushes the complete current state. No per-scan webhooks to wire up; a missed run self-heals on the next sweep.
State-of-world replace
Each sync uploads the full set of findings scoped to the integration. Anything no longer present is removed on the target side — there's no append/delete drift to reconcile.
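Why a full-set sync avoids drift and recovers from a missed run, as an added example (not HarborGuard's code). The finding key of image + CVE id + package, the function names, and the sample findings are all assumptions made for illustration.

```javascript
// Added illustration; names and sample findings are constructed, not HarborGuard's.
// Assumed identity of a finding: image + CVE id + package.
const keyOf = (f) => `${f.image}|${f.cve}|${f.pkg}`;

// Event-driven model: the target changes only when an event is delivered.
function applyEvents(target, events) {
  const next = new Map(target);
  for (const e of events) {
    if (e.type === "opened") next.set(keyOf(e.finding), e.finding);
    if (e.type === "remediated") next.delete(keyOf(e.finding));
  }
  return next;
}

// State-of-world model: every sweep carries the complete open set for the
// integration's scope, and the target ends up holding exactly that set.
function planReplace(target, currentOpen) {
  const desired = new Map(currentOpen.map((f) => [keyOf(f), f]));
  return {
    next: desired,
    add: [...desired.keys()].filter((k) => !target.has(k)),
    remove: [...target.keys()].filter((k) => !desired.has(k)),
  };
}

function scenario() {
  const a = { image: "api:1.4", cve: "CVE-EXAMPLE-0001", pkg: "openssl" };
  const b = { image: "api:1.4", cve: "CVE-EXAMPLE-0002", pkg: "zlib" };
  const c = { image: "web:2.0", cve: "CVE-EXAMPLE-0003", pkg: "libxml2" };
  const target = new Map([a, b].map((f) => [keyOf(f), f]));

  // Since the last sync: b was remediated and c was opened.
  // The "remediated" event for b is lost in transit, so only "opened c" arrives.
  const drifted = applyEvents(target, [{ type: "opened", finding: c }]);

  // One sweep is missed entirely; the next one sends the full open set [a, c].
  const healed = planReplace(target, [a, c]);
  // Re-running the same sweep is a no-op, so retries are safe.
  const again = planReplace(healed.next, [a, c]);
  return { drifted, healed, again, staleKey: keyOf(b) };
}

const demoResult = scenario();
console.log("event-driven still lists remediated finding:", demoResult.drifted.has(demoResult.staleKey));
console.log("state-of-world removes:", demoResult.healed.remove, "adds:", demoResult.healed.add);
```

The stale entry in the event-driven result is the kind of record that would keep showing an already-fixed vulnerability as open in a compliance tool until someone reconciles it by hand.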
Credentials encrypted at rest
Tokens are AES-256-GCM envelope-encrypted before they touch Postgres and are never returned to the browser. The settings UI only ever shows the last four characters.
Pluggable framework
Each provider lives in src/lib/integrations/<provider>/ with five files: adapter, HTTP client, Zod schema, mappers, and a React config card. New providers ship in the same shape.
What we're building next.
The integrations framework is pluggable — each provider is a five-file folder. These are queued up next. If one is blocking your team, let your account contact know and we'll prioritize.
Slack
Native channel-aware alerting beyond webhooks
PagerDuty
Service-aware incidents with auto-resolve
Jira
Per-finding tickets with SLA fields
Datadog
Vulnerability metrics + dashboards
Snyk
Cross-import for app-layer projects
Sentry
Release health correlated with CVEs
AWS
Security Hub finding ingest
Azure
Defender for Cloud sync
Google Cloud
Security Command Center sync
GitLab
Container scanning report uploads
Opsgenie
On-call routing for SLA breaches
Okta
SCIM + automated role provisioning
Connect an integration in under five minutes.
Generate a token in the destination tool, paste it into HarborGuard, hit save. The first sync runs within the next sweep — or trigger it on demand.