> ## Documentation Index
> Fetch the complete documentation index at: https://docs.guardway.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Automatically inventory every AI dependency across your GitHub repositories — models, SDKs, MCP tools, gateway configs.

**Discovery** is Guardway's AI-dependency inventory. Point it at your GitHub organization and it scans every repository to surface which LLM providers, AI services, SDKs, MCP tools, and gateway configs your codebase already touches — with a security score and a vulnerability list for each.

<Frame caption="Discovery → Organizations">
  <img src="https://mintcdn.com/fcguardwayai/rJTQ_bXDRs9Cgazf/images/screenshots/discovery/overview.png?fit=max&auto=format&n=rJTQ_bXDRs9Cgazf&q=85&s=ee8e4c380f7f9cd1681014e48188d365" alt="Discovery overview" width="1" height="1" data-path="images/screenshots/discovery/overview.png" />
</Frame>

## What it finds

| Type               | Examples                                                                |
| ------------------ | ----------------------------------------------------------------------- |
| **LLM Provider**   | Direct imports or API calls to OpenAI, Anthropic, Google, Mistral, etc. |
| **AI Service**     | External AI services (moderation APIs, speech-to-text, image gen).      |
| **SDK Dependency** | AI-related packages in `package.json`, `requirements.txt`, etc.         |
| **MCP Tool**       | Registered [MCP](https://modelcontextprotocol.io) servers and tools.    |
| **Gateway Config** | Guardway or other AI-gateway configuration files.                       |

## How it works

<Steps>
  <Step title="Connect GitHub">
    On [Settings → Integrations](/platform/settings/integrations), connect the GitHub App so Discovery can enumerate the repositories you grant access to.
  </Step>

  <Step title="Sync organizations">
    Guardway pulls the list of orgs and repositories you can access.
  </Step>

  <Step title="Scan a repository">
    Guardway analyzes the repo's manifests and code, detects AI dependencies, and stores the result as a set of **findings**.
  </Step>

  <Step title="Review the findings">
    Drill into any repo to see tabs for LLM Providers, AI Services, SDKs, MCPs, and Gateways; check the MCP security score; review SCA vulnerabilities.
  </Step>

  <Step title="Export an AIBOM">
    Download a CycloneDX 1.6 **AI Bill of Materials** for any scanned repo.
  </Step>
</Steps>

## Where to next

<CardGroup cols={2}>
  <Card icon="building" title="Organizations" href="/discovery/organizations">
    Sync orgs, scan repos, filter by status.
  </Card>

  <Card icon="folder-tree" title="Findings" href="/discovery/findings">
    Drill into a repository, see the findings tabs, security scans, and AIBOM export.
  </Card>
</CardGroup>

## Scope

Discovery is **platform-scoped** (cloud). It runs on Guardway's control plane using the GitHub token you provide — no agent, no gateway required. Audit entries for scan actions are recorded centrally on the [Audit Log](/platform/settings/audit-log) like every other administrative event.
