On this page
- The three scopes
- Account scope
- Project scope
- Service scope
- Two tabs on a service page, on purpose
- How scope filtering works
- Common workflows
- ”Something just deployed and I want to see if posture got worse”
- ”I just got an alert in another system that mentions a service of mine”
- ”I need a quarterly review across the whole account”
- ”A new team member is being onboarded to one project”
- What scopes do not change
- Where to go next
Last updated: May 23, 2026
Project & Service Security
Guara Shield is account-scoped at the top level, but security signals come from specific projects and specific services. To make that tractable, every Shield surface respects three explicit scopes:
- Account, your whole account.
- Project, one project you own.
- Service, one specific service.
This page is the wayfinding map: where exactly do I look for security data at each scope?
The three scopes
Account scope
Lives under the main Security section in the sidebar. From there:
Vulnerabilities, every CVE across every service in your account.Security Events, the full chronological timeline.Guara Shield, opens the Shield secondary sidebar with Overview, Findings, Service Scans, Flow Logs, Secrets, Runtime Risk Signals, and Reports & Posture.
Use account scope when you’re answering “what’s the state of my whole account?” or when you don’t yet know which project owns the signal.
Project scope
Every project page has a Security tab. The tab shows:
- A posture summary scoped to this project only.
- The findings inbox, pre-filtered to this project.
- A scope-aware view of recent security events for this project.
Use project scope when you’re debugging or reviewing one project, for example before a release, or while triaging a project-specific incident.
Service scope
Every service page has its own Security tab, sitting beside the existing Vulnerabilities tab. The Security tab shows:
- Findings scoped to this service.
- Recent service scan results for this service’s public endpoint, if it has one.
- A summary of recent flow logs involving this service.
- Recent runtime risk signals attached to this service’s workloads.
Catalog services like managed Postgres, Redis, and NATS have their own Vulnerabilities coverage, so the Security tab on a catalog service surfaces the same Shield context aligned to how that catalog product is operated.
Two tabs on a service page, on purpose
You may notice that a service page can have both:
Vulnerabilities, the existing free CVE tab.Security, the new Shield-context tab.
This is deliberate. The Vulnerabilities tab is dedicated, free, and unchanged. The Security tab adds the rest of Shield’s per-service context (scan results, flow summary, runtime signals, findings inbox) without disturbing what was already there. Use whichever tab matches the question you’re asking.
How scope filtering works
Filtering by scope is consistent across every Shield surface:
| Surface | Account scope | Project scope | Service scope |
|---|---|---|---|
| Findings inbox | All findings | Pre-filtered to project | Pre-filtered to service |
| Security Events | Full timeline | Pre-filtered to project | Pre-filtered to service |
| Vulnerabilities | Account-wide aggregate | Project services only | This service’s image only |
| Service Scans | All scanned services | Project services only | This service only |
| Flow Logs | All flows | Flows touching this project | Flows touching this service |
| Runtime Risk Signals | All workloads | Project workloads only | This service’s workloads only |
| Reports & Posture | Account posture | Project posture roll-up | Service posture roll-up |
Membership rules apply: you only see security data for projects and services you have access to.
Common workflows
”Something just deployed and I want to see if posture got worse”
Start at the service’s Security tab, then look at the project’s Security tab for context. If the project posture is healthy and the service posture changed, the change is local. If both moved, look at recent Security Events to find what triggered it.
”I just got an alert in another system that mentions a service of mine”
Open the service’s Security tab, that’s the lowest-noise scope. The findings list there is already filtered to that service.
”I need a quarterly review across the whole account”
Use the account-scope Reports & Posture page plus the account Findings inbox with filters for severity and source. The chronological account-scope Security Events timeline is the audit trail.
”A new team member is being onboarded to one project”
Send them to the project Security tab. It’s the scoped slice of Shield that’s relevant to their work without dumping the whole account on them.
What scopes do not change
- The free vulnerability surfaces remain free at every scope. Account, project, and service.
- Security Events at the top-level
/security/eventsremains the free baseline timeline. Project and service scopes are convenience filters on top of it. - Guara Shield is included for every account. Scoping doesn’t change billing or access, it only filters what’s shown.
Where to go next
- The unified triage surface: Security Findings.
- The full account-scope timeline: Security Events.
- The high-level posture summary: Reports & Posture.