SCG resolves every CI/CD dependency to an immutable hash, stores the full history in our temporal knowledge graph, and surfaces compromise the moment it lands — not the morning after.
Every dependency locked to an immutable content hash. Tag hijacks, typosquats and dep-confusion all halt the build.
Every resolution stored in our temporal knowledge graph. Hash drift, dependency injection and burst publishes all surface here.
Lockfiles signed with ed25519. Verifiable offline. Webhook alerts the moment a watched ref drifts.
On 11 May 2026, TeamPCP published 84 malicious versions across 42 @tanstack/* npm packages in under six minutes — pushed through TanStack's own OIDC trusted-publisher binding after the workflow was hijacked. SCG's event-driven watcher recorded the burst in seconds. Tools relying on daily crawls saw it the next day.
The same compromise can hide in three different shapes — a tag that quietly moves to a new commit, a published version that grows a new dependency, a step that gets handed a secret it never needed. SCG closes each one.
Every dependency is locked to an immutable content hash. If the hash changes — tag hijack, typosquat, dependency confusion — the build halts before a single byte of attacker code runs.
The platform stores every package's dependency graph in our temporal knowledge graph. When a new version suddenly grows an unknown dependency, SCG flags it — the axios pattern, the Shai-Hulud worm.
Each CI tool has a security profile naming the secrets it requires and the ones it must never see. Mismatches are surfaced before the step runs — no NPM_TOKEN handed to a linter.
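The three checks described above, as an added example that is not SCG's own code: a pinned-digest comparison, a dependency-graph diff against earlier versions, and a secret-scope check against a tool profile. The record layouts, function names, the `example/setup` action and the digests are constructed assumptions; only axios, plain-crypto-js and NPM_TOKEN come from this page.

```python
# Added illustration (not SCG code). Record layouts, names and digests are constructed.

def hash_drift(lockfile, resolved):
    """Refs whose freshly resolved digest is unpinned or differs from the pin."""
    findings = []
    for ref, digest in sorted(resolved.items()):
        pinned = lockfile.get(ref)
        if pinned is None:
            findings.append((ref, "unpinned"))
        elif pinned != digest:
            findings.append((ref, "drift"))
    return findings

def injected_deps(history, candidate):
    """Direct deps of a new version that no earlier version ever declared."""
    seen = set().union(*history)
    return sorted(set(candidate) - seen)

def secret_violations(profile, granted):
    """Secrets handed to a step that its tool profile forbids or never asks for."""
    granted = set(granted)
    bad = [(s, "forbidden") for s in sorted(granted & profile["never"])]
    extra = granted - profile["requires"] - profile["never"]
    return bad + [(s, "not required") for s in sorted(extra)]

def gate(lockfile, resolved, history, candidate, profile, granted):
    """Exit code for a CI step: 0 only when all three checks come back clean."""
    findings = (hash_drift(lockfile, resolved)
                + [(d, "new dependency") for d in injected_deps(history, candidate)]
                + secret_violations(profile, granted))
    for subject, reason in findings:
        print(f"BLOCK {subject}: {reason}")
    return 1 if findings else 0

# Constructed sample: a tag that moved, a version that grew a dep, a linter given a token.
LOCK = {"github_action:example/setup@v1": "sha1:1111", "npm:axios@1.14.0": "sha512-AAAA"}
NOW = {"github_action:example/setup@v1": "sha1:2222", "npm:axios@1.14.0": "sha512-AAAA"}
AXIOS_HISTORY = [{"follow-redirects", "form-data", "proxy-from-env"}]
AXIOS_1_14_1 = {"follow-redirects", "form-data", "proxy-from-env", "plain-crypto-js"}
LINTER = {"requires": set(), "never": {"NPM_TOKEN"}}

if __name__ == "__main__":
    raise SystemExit(gate(LOCK, NOW, AXIOS_HISTORY, AXIOS_1_14_1, LINTER, {"NPM_TOKEN"}))
```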
The five-stage pipeline. Built around the upstream event feeds — npm _changes long-poll, PyPI updates RSS, GitHub tags webhook — not the once-a-day registry crawl that the rest of the industry calls real-time.
Long-poll the registry's replication stream. Every publish surfaces in seconds.
replicate.npmjs.com/_changes
Fetch the new version's integrity hash and direct deps. Capture maintainers.
sha512 · sha256 · sha1
Tool → RESOLVES_TO → Digest, with full valid-time history. TKG TieredStore — hot refs, time-windowed events.
tkg v3 · ed25519-signed
Per-scope and per-maintainer burst detectors. Hash drift on re-resolve. Volatility scoring via Tyla.
scope cohort · maintainer cohort
Watching orgs receive a signed webhook the moment a watched ref drifts.
/v1/check · /v1/history

The real-world supply chain compromises SCG defends against — pinned, force-pushed, typosquatted, worm-propagated. Each row maps an actual published attack to the layer that catches it.
| Attack | Date | Impact | Defense |
|---|---|---|---|
| TanStack / Mini Shai-Hulud: 42 npm packages, 84 versions, 6-minute burst | May 2026 | 12.7M weekly DLs (react-router alone) | _changes feed · burst detect · maintainer |
| mistralai 2.4.6 (PyPI): malicious payload on import; lived ~hours | May 2026 | AI/agent dev tooling | RSS watcher · digest pin |
| Checkmarx KICS Docker / VSCode: credential-stealer in official image | Apr 2026 | enterprise security tooling | digest pin · drift |
| axios 1.14.1 (npm): injected dependency (plain-crypto-js) | Mar 2026 | 83M weekly DLs | dep graph · digest pin |
| trivy-action / LiteLLM: tag force-push to malicious commit | Mar 2026 | 95M monthly DLs | drift · digest pin |
| tj-actions / changed-files: CISA KEV · stole CI secrets | Mar 2025 | 23,000+ repos | digest pin · secret scope |
| reviewdog / action-setup: secret exfiltration via post-step | Mar 2025 | CISA KEV | digest pin · secret scope |
| Codecov bash uploader: CI secret harvest | 2021 | 29,000+ customers | digest pin · secret scope |
| ua-parser-js (npm): account takeover · malicious version | Oct 2021 | 7M+ weekly DLs | digest pin |
| event-stream (npm): maintainer handoff to attacker | Nov 2018 | 8M installs | digest pin · dep graph |
| PyTorch torchtriton: PyPI namespace confusion | Dec 2022 | 2,700+ DLs | digest pin |
GitHub Actions, npm, PyPI, Docker Hub. Each crawled with its own throttle, each resolved to its own hash format, every result re-checked on a 15-minute drift schedule.
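A sketch of the per-scope and per-maintainer burst detection named in the pipeline stages, added here as an example and not taken from SCG: a sliding window over publish events, keyed by cohort. The event layout, the 10-minute window, the limit of 20, the `pkg-NN` package names, the `ci-publisher` account and the time of day are assumptions; the sample feed is constructed to match the 84-versions, 42-packages, under-six-minutes shape quoted on this page.

```python
# Added illustration (not SCG code). Event layout, window and threshold are assumptions.
from collections import defaultdict, deque
from datetime import datetime, timedelta

def cohorts(event):
    """A publish counts toward its npm scope and toward the account that published it."""
    name = event["name"]
    scope = name.split("/", 1)[0] if name.startswith("@") else name
    return [("scope", scope), ("maintainer", event["maintainer"])]

def detect_bursts(events, window=timedelta(minutes=10), limit=20):
    """Return {cohort: alert} for cohorts exceeding `limit` publishes within `window`."""
    recent = defaultdict(deque)          # cohort -> (time, package) still in the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        for cohort in cohorts(ev):
            q = recent[cohort]
            q.append((ev["time"], ev["name"]))
            while ev["time"] - q[0][0] > window:   # expire publishes older than the window
                q.popleft()
            if len(q) > limit and cohort not in alerts:
                alerts[cohort] = {"at": ev["time"], "versions": len(q),
                                  "packages": len({pkg for _, pkg in q})}
    return alerts

def sample_events():
    """Constructed feed: quiet background plus 84 versions over 42 packages in < 6 minutes."""
    start = datetime(2026, 5, 11, 12, 0, 0)      # time of day is made up
    quiet = [{"name": "example-lib", "version": f"1.0.{i}", "maintainer": "alice",
              "time": start - timedelta(hours=3 * (i + 1))} for i in range(3)]
    burst = [{"name": f"@tanstack/pkg-{i % 42:02d}", "version": f"9.9.{i // 42}",
              "maintainer": "ci-publisher", "time": start + timedelta(seconds=4 * i)}
             for i in range(84)]
    return quiet + burst

if __name__ == "__main__":
    for cohort, alert in detect_bursts(sample_events()).items():
        print(cohort, alert)
```

With these assumed settings the alert fires on the 21st publish, 80 seconds into the constructed burst, which is the gap an event feed closes relative to a daily crawl.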
The CLI queries the platform directly. Linux and macOS, amd64 and arm64. A single static binary. The install script verifies SHA-256 against the manifest before it touches your path.
Current CLI: v0.1.30. Each release ships SHA-256 checksums and an ed25519-signed manifest.
checksums.txt →
If you'd rather build it yourself.
Drop into any pipeline. Exits non-zero on drift or scope violation.
The CLI talks to api.scg.data-insights.ai by default — no tokens, no accounts. 20 requests per hour per IP is enough for any single repo. Paid tiers raise the ceiling.
| Method | Endpoint | Auth |
|---|---|---|
| GET | /v1/resolve/{ecosystem}/{reference} | public |
| GET | /v1/profile/{ecosystem}/{tool} | public |
| GET | /v1/status | public |
| POST | /v1/sign | public |
| GET | /v1/history/{ecosystem}/{reference} | api-key |
| POST | /v1/check | api-key |
| POST | /v1/lockfile | api-key |
| GET | /v1/trends/{ecosystem}?days=30 | admin · tyla |
ecosystems: github_action · npm · pypi · docker
The public API is the same on every plan. The difference is the rate limit, the temporal history depth, and the webhook channel.
Enough for any single repo. No account needed.
For teams running fleets of repos. Webhook alerts on drift.
Custom policies, dedicated profiles, and a self-hosted option.
A single binary, pinned hashes, scoped secrets, event-driven drift detection. Install in one line.