Skip to main content
Discovery is Guardway’s AI-dependency inventory. Point it at your GitHub organization and it scans every repository to surface which LLM providers, AI services, SDKs, MCP tools, and gateway configs your codebase already touches — with a security score and a vulnerability list for each.
Discovery overview

What it finds

TypeExamples
LLM ProviderDirect imports or API calls to OpenAI, Anthropic, Google, Mistral, etc.
AI ServiceExternal AI services (moderation APIs, speech-to-text, image gen).
SDK DependencyAI-related packages in package.json, requirements.txt, etc.
MCP ToolRegistered MCP servers and tools.
Gateway ConfigGuardway or other AI-gateway configuration files.

How it works

1

Connect GitHub

In Settings → Integrations, add a GitHub Personal Access Token with repo and read:org scopes. See Integrations.
2

Sync organizations

Guardway pulls the list of orgs and repositories you can access.
3

Scan a repository

Guardway analyzes the repo’s manifests and code, detects AI dependencies, and stores the result as a set of findings.
4

Review the findings

Drill into any repo to see tabs for LLM Providers, AI Services, SDKs, MCPs, and Gateways; check the MCP security score; review SCA vulnerabilities.
5

Export an AIBOM

Download a CycloneDX 1.6 AI Bill of Materials for any scanned repo.

Where to next

Organizations

Sync orgs, scan repos, filter by status.

Findings

Drill into a repository, see the findings tabs, security scans, and AIBOM export.

Scope

Discovery is platform-scoped (cloud). It runs on Guardway’s control plane using the GitHub token you provide — no agent, no gateway required. Audit logs from scans still live on whichever gateway recorded the action, per the usual local-only rule.