A product by Data Insights AI · Vienna, Austria

Supply Chain Guardian

Prevent supply chain attacks before they reach your CI/CD pipeline. Every dependency pinned. Every secret scoped. Every drift detected.

32,000+

tools tracked

security profiles

attacks stopped

curl -sSL https://scg.data-insights.ai/install.sh | sh

Single binary. Zero config. No GitHub token needed.

Two Independent Defense Layers

Digest Pinning

Every mutable reference (tag, version, branch) is resolved to an immutable content hash and locked in scg.lock. If the hash changes, the build halts.

Secret Scoping

Each CI tool has a security profile defining what secrets it needs. scg scope identifies and optionally removes secrets the tool shouldn't see.

Drift Detection

Powered by a temporal knowledge graph. SCG tracks every resolution over time and detects the moment any dependency changes unexpectedly.

Real-World Attacks SCG Stops

Attack	Date	Impact	Defense
tj-actions/changed-files	Mar 2025	23,000+ repos	digest pinningsecret scoping
reviewdog/action-setup	Mar 2025	CISA KEV	digest pinning
Codecov Bash Uploader	2021	29,000+ customers	digest pinningsecret scoping
ua-parser-js (npm)	Oct 2021	7M+ downloads	digest pinning
event-stream (npm)	Nov 2018	8M installs	digest pinning
PyTorch torchtriton	Dec 2022	2,700+ downloads	digest pinning
PyPI typosquatting	2022-2025	500+ packages	digest pinning

How It Works

1. Lock

scg init scans your workflow files, resolves every dependency to an immutable hash via the SCG Platform, and writes scg.lock.

2. Verify

scg check in CI re-resolves and compares. If any hash changed — tag hijacking, dependency confusion, typosquatting — the build halts.

3. Protect

scg scope audits which secrets each step can access. Forbidden secrets are identified and optionally stripped from the environment.

SCG Platform

The SCG Platform continuously crawls and resolves all known CI/CD tools. The CLI queries the platform by default — no GitHub token, no registry accounts, no configuration needed.

Free 20 req/hr

No account needed. scg check queries the platform automatically. Enough for any single repo.

Pro 5,000 req/hr

Continuous monitoring. Webhook alerts on drift. Temporal history. Multi-repo dashboard.

Enterprise 50,000 req/hr

Custom policies. SBOM generation. SLA. Self-hosted option.

Get Started in 30 Seconds

curl -sSL https://scg.data-insights.ai/install.sh | sh

Download binaries · Install script · Source code · Platform status