Skip to main content
These are the public SafeDep hosts you work with directly: the console, the API planes, identity, the community API, and the hosted MCP server. Use this page as the canonical reference for what each host does and how it authenticates. For how to authenticate against the API planes, see Authentication.
This list is not a complete egress allowlist. Some integrations reach additional internal hosts. Enabling vet-action’s comments proxy, for example, adds ghcp-integrations.safedep.io. Check the relevant integration’s docs when you configure strict firewall rules.

Hosts

HostRoleAuthentication
app.safedep.ioWeb console: sign in, manage your tenant, and create API keysInteractive login (OAuth/OIDC)
api.safedep.ioData plane: package insights, scanning, and malware analysis (gRPC / ConnectRPC)API key
cloud.safedep.ioControl plane: tenant, policy, and management operationsJWT
auth.safedep.ioIdentity provider: OAuth2 / OIDC, issues and validates JWTsOAuth2 / OIDC
community-api.safedep.ioCommunity API: public malware and package queriesNone (keyless)
mcp.safedep.ioHosted Model Context Protocol server for AI coding toolsAPI key
You create API keys in the web console at app.safedep.io/settings/api-keys. Your tenant ID is your tenant domain, for example your-company.safedep.io.

Notes

  • app.safedep.io is the SafeDep Cloud console. It replaces the retired platform.safedep.io, which is no longer in use. Update any old references to that host.
  • The data plane (api.safedep.io) and control plane (cloud.safedep.io) speak gRPC with a ConnectRPC facade, not REST. See the canonical schemas at buf.build/safedep/api.
  • The community API (community-api.safedep.io) needs no authentication and is rate-limited under a fair-usage policy.

Authentication

How to authenticate against the data and control planes.

API Specification

Canonical gRPC / ConnectRPC schemas and generated SDKs.