Sponsors & Partners

We are proud to be supported by, and to work together with, the following organizations:

OWASP
openCode
openDesk
Hochschule Bonn-Rhein-Sieg
Universität Gießen
heylogin
csp
Ikor One
Cronn GmbH
Bonn Consulting Group
WhereGroup
DIGITALHUB.DE
Wetteronline
SaltRock GmbH

© 2026 L3montree GmbH and the DevGuard Contributors