
What it finds
How it works
1
Connect GitHub
On Settings → Integrations, connect the GitHub App so Discovery can enumerate the repositories you grant access to.
2
Sync organizations
Guardway pulls the list of orgs and repositories you can access.
3
Scan a repository
Guardway analyzes the repo’s manifests and code, detects AI dependencies, and stores the result as a set of findings.
4
Review the findings
Drill into any repo to see tabs for LLM Providers, AI Services, SDKs, MCPs, and Gateways; check the MCP security score; review SCA vulnerabilities.
5
Export an AIBOM
Download a CycloneDX 1.6 AI Bill of Materials for any scanned repo.
Where to next
Organizations
Sync orgs, scan repos, filter by status.
Findings
Drill into a repository, see the findings tabs, security scans, and AIBOM export.