Dependency Radar
A new real-time supply chain security feed from open source downloads tracked by Scarf.
Monitor what your team is downloading, feed it to your AI agents or ours, and get real-time insights about live risks in your supply chain.
Static scanning only tells you part of the story. Dependency Radar helps show what your organization is actually downloading.
Think of it as a single firehose of every OSS download Scarf sees from your company, across the billions of downloads we track daily.
How much does Dependency Radar cost?
Dependency Radar is available to everyone, including users on the free tier.
Each API call to Dependency Radar consumes 1 Run. See Scarf pricing for more information on Run credits.
Each API call can return up to 1,000 raw download events at a time.
Do I have access to download data for my entire company? Who gets access to this?
Access is restricted to verified organizations.
You’ll need:
- A verified company email address that matches the domain of the events you are trying to query.
- Your Scarf organization must also have a billing email address tied to the same domain.
Example: If your organization has an @example.com billing email, your account must have a verified @example.com email address to access this API.
Your Dependency Radar feed will include download events that Scarf maps to your company domain.
How do I get started?
The best way is to ask your Scarf AI Agent in Slack, or ask your LLM using our AI skill:
https://github.com/scarf-sh/scarf-skill
Dependency Radar is also accessible directly through Scarf’s public API.
