Scarf Launches Dependency Radar to Deliver Real-Time Software Supply Chain Security from Billions of Daily OSS Downloads
New API-based feed exposes vulnerable open source downloads as they happen across enterprise environments, outpacing AI-driven cybersecurity threats.
SAN FRANCISCO, CA, UNITED STATES, April 28, 2026 /EINPresswire.com/ -- Scarf, the standard for open-source intelligence, today announced the launch of Dependency Radar, a new API-based feed designed to provide real-time supply chain security monitoring. Leveraging Scarf’s visibility into over 2 billion daily open source software (OSS) downloads, Dependency Radar empowers enterprise security teams to track what their organizations are actually downloading in real time, bridging a critical gap left by traditional static scanning tools.
The Blind Spot in Software Supply Chain Security
Supply chain security remains a critical vulnerability for modern enterprises. Even the world's leading security organizations face breaches, and artificial intelligence is accelerating the pace of cyber threats, drastically shrinking the window between vulnerability discovery and exploitation. More code is being written, modified, and deployed automatically than ever before.
“Despite widespread awareness, large enterprises continue to download known, heavily compromised OSS packages,” said Avi Press, Founder and CEO of Scarf. “Widely-known vulnerabilities like Log4Shell, which was patched years ago, still see millions of downloads of unpatched versions every month.”
Most supply chain security tools focus on scanning static code, SBOMs, or restricting access. While important, they do not monitor real-time behavior. They might catch what is about to be deployed or merged, but they will not catch what an engineer, build system, or AI agent is actively downloading to a local machine right now.
Introducing Dependency Radar
To help companies stay ahead of rapid-fire threats, Scarf created Dependency Radar. It acts as a direct firehose, filtering Scarf’s massive global tracking data to show companies the exact OSS packages their teams are downloading.
By feeding this real-time data into internal security protocols, security personnel can gain immediate insights into live risks within their software supply chain. Static scanning tells organizations what they think they use; Dependency Radar shows what the organization is actually downloading.
Key features include:
Real-Time Visibility: Monitor exactly what your team and workloads are pulling down from the open-source ecosystem as it happens.
AI-Ready Workflows: Seamlessly feed download data into your own AI agents, or use the Scarf AI Agent to instantly analyze supply chain risks.
Cost-Effective Accessibility: Dependency Radar is available to all Scarf users, including those on the free tier. Each API call consumes just one “Run” credit and returns up to 1,000 raw download events at a time.
Secure and Verified Access
To protect enterprise data, access to Dependency Radar is strictly limited to verified organizations. To access the feed, users must have a verified company email address that matches the domain of the queried events. Additionally, the Scarf organization must have a billing email address tied to that same domain (e.g., an @example.com billing email requires a verified @example.com user email).
Getting Started
Scarf’s goal is to get this data feed into the hands of enterprise security teams as quickly as possible to gather feedback on what vulnerabilities they uncover and how they build out their real-time defenses.
Enterprise security teams can begin using Dependency Radar today. The fastest way to start is by asking the Scarf AI Agent in the app, or by asking any LLM using the Scarf AI skill available at github.com/scarf-sh/scarf-skill. The feed is also fully accessible directly through Scarf’s public API.
About Scarf
Scarf is the standard for open-source intelligence. Pioneering usage intelligence for open-source software, Scarf helps organizations understand who is using their projects, what their infrastructure depends on, and where risk or revenue is building. Tracking over 2 billion daily OSS downloads, 308 million unique end users, and 2 million companies without storing any personally identifiable information (PII), Scarf works seamlessly with modern AI stacks to turn open-source signals into action.
Press
Scarf
press@scarf.sh