Supply chain threats move fast. Your guardrails should too.

DevRadar Guard detects early supply chain threat signals, verifies repo exposure, and generates guardrail files you can commit today.

GitHub Advisories · package-lock.json · poetry.lock

Built for npm and poetry.lock workflows in Alpha. More ecosystems planned next.

Alpha runs in alert-only mode. No automatic blocking. You stay in control.

devradar-guard
$ devradar scan --repo gloriappt
Scanning package-lock.json... 954 dependencies found
⚠ 2 relevant threat matches detected
✗ axios@1.14.1 — supply chain compromise (High)
✓ Guardrail bundle generated — review and commit when ready
Why now

On March 31, axios was compromised. Not every headline touches your stack — but some do.

If a compromised package touched your repo — directly or transitively — you were in the blast radius. DevRadar Guard tells you when that threat creates real exposure in your codebase — before it turns into an expensive incident.

This isn't a news feed. It's repo exposure detection.
How it works

From signal to guardrail — automatically.

Three engines work together so your team can keep building instead of triaging security alerts.

01

Signal

We monitor supply chain threat signals before incidents make the news.

Alpha: GitHub Advisories, Reddit security communities, and npm ecosystem signals
02

Exposure

We verify repo exposure down to the version and dependency path.

Alpha: package-lock.json, poetry.lock
03

Guardrail

We generate guardrail files you can apply right away — not just alerts.

CLAUDE.md, .npmrc, hooks, GitHub Actions
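The three stages above (signal, exposure, guardrail) worked through end to end, as an added example that is not DevRadar Guard's own code: it matches a constructed advisory feed against a constructed package-lock.json (lockfileVersion 3 layout), walks the lockfile's packages map to recover direct and transitive dependency paths, and proposes two guardrails a reviewer could commit (an .npmrc that disables install scripts and pins exact versions, and a package.json overrides entry forcing the known-safe version). The advisory entries, the lockfile contents and the guardrail choices are assumptions made for this example; the axios values mirror the page's incident scenario. poetry.lock is not handled here, and nested node_modules directories are ignored for brevity.

```python
"""Lockfile exposure check: advisory signal -> dependency-path exposure ->
guardrail proposal. Illustrative code, not DevRadar Guard's implementation."""
import json

# Stage 1, "Signal": a constructed advisory feed. The axios entry mirrors the
# incident scenario on the page; example-widget is a fictional package that
# shows how an advisory for something not installed is handled.
ADVISORIES = [
    {"package": "axios", "affected_versions": {"1.14.1"}, "severity": "High",
     "safe_version": "1.14.0", "summary": "supply chain compromise"},
    {"package": "example-widget", "affected_versions": {"2.0.0"},
     "severity": "Medium", "safe_version": "2.0.1", "summary": "constructed"},
]

# A constructed package-lock.json in the lockfileVersion 3 layout: the ""
# entry is the root project, every installed package lives under node_modules/.
SAMPLE_LOCKFILE = json.dumps({
    "name": "sample-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.14.0", "left-pad": "^1.3.0"},
             "devDependencies": {"jest": "^29.0.0"}},
        "node_modules/axios": {"version": "1.14.1",
                               "dependencies": {"follow-redirects": "^1.15.0"}},
        "node_modules/follow-redirects": {"version": "1.15.6"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/jest": {"version": "29.7.0", "dev": True,
                              "dependencies": {"axios": "^1.14.0"}},
    },
})


def resolve_lockfile(lockfile_text, max_depth=8):
    """Stage 2, "Exposure". Returns (installed, paths): installed maps package
    name -> lock entry for top-level node_modules installs; paths maps package
    name -> list of name chains from a direct dependency down to it.
    Simplification: nested node_modules/a/node_modules/b entries are skipped."""
    packages = json.loads(lockfile_text)["packages"]
    installed = {p[len("node_modules/"):]: e for p, e in packages.items()
                 if p.count("node_modules/") == 1}
    root = packages[""]
    direct = {**root.get("dependencies", {}), **root.get("devDependencies", {})}
    paths = {}
    stack = [[name] for name in sorted(direct)]
    while stack:
        path = stack.pop()
        name = path[-1]
        entry = installed.get(name)
        if entry is None:          # declared but absent from the lockfile
            continue
        paths.setdefault(name, []).append(path)
        if len(path) >= max_depth:  # bound the walk on very deep trees
            continue
        for child in sorted(entry.get("dependencies", {})):
            if child not in path:   # do not follow dependency cycles
                stack.append(path + [child])
    for chains in paths.values():
        chains.sort(key=lambda p: (len(p), p))  # shortest (direct) path first
    return installed, paths


def match_advisories(lockfile_text, advisories=ADVISORIES):
    """Report only advisories whose affected version is actually installed,
    together with every dependency path that pulls the package in."""
    installed, paths = resolve_lockfile(lockfile_text)
    findings = []
    for adv in advisories:
        entry = installed.get(adv["package"])
        if entry is None or entry["version"] not in adv["affected_versions"]:
            continue
        chains = paths.get(adv["package"], [])
        findings.append({
            "package": f'{adv["package"]}@{entry["version"]}',
            "severity": adv["severity"],
            "summary": adv["summary"],
            "direct": any(len(p) == 1 for p in chains),
            "paths": [" > ".join(p) for p in chains],
            "safe_version": adv["safe_version"],
        })
    return findings


def guardrails(findings):
    """Stage 3, "Guardrail" (illustrative choices, not DevRadar's bundle):
    an .npmrc that disables lifecycle scripts (a common vehicle for malicious
    payloads; packages that need postinstall steps must be allow-listed by
    hand) and saves exact versions, plus a package.json `overrides` map that
    forces the known-safe version wherever the package appears in the tree."""
    overrides = {f["package"].rsplit("@", 1)[0]: f["safe_version"] for f in findings}
    npmrc = "ignore-scripts=true\nsave-exact=true\n"
    return {".npmrc": npmrc, "package.json overrides": overrides}


def report(lockfile_text=SAMPLE_LOCKFILE):
    """Render the findings in the style of the scan transcript above."""
    installed, _ = resolve_lockfile(lockfile_text)
    findings = match_advisories(lockfile_text)
    lines = [f"Scanning package-lock.json... {len(installed)} dependencies found",
             f"⚠ {len(findings)} relevant threat matches detected"]
    for f in findings:
        kind = "direct" if f["direct"] else "transitive"
        lines.append(f'✗ {f["package"]} - {f["summary"]} ({f["severity"]}, {kind})')
        lines.extend(f"    path: {p}" for p in f["paths"])
        lines.append(f'  → safe version available: {f["safe_version"]}')
    return "\n".join(lines), guardrails(findings)


if __name__ == "__main__":
    text, files = report()
    print(text)
    print("\n.npmrc:\n" + files[".npmrc"])
    print("overrides:", json.dumps(files["package.json overrides"]))
```

Running the block prints one finding: axios@1.14.1 is reachable both directly and through jest, so a fix that only bumps the direct dependency would leave the transitive copy in place, which is what the `overrides` proposal addresses.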

Your team doesn't need another dashboard. Get guardrail files you can commit today.

See it in action

What DevRadar generates for your repo.

Guardrail files generated from a supply chain incident scenario.

⚠ Threat Matched
Signal: Axios supply chain compromise (2026-03-31)
Package: axios@1.14.1
Path: Direct production dependency
Risk: HIGH (78 / 100)
Why this matters: This version is present in your production lockfile. A compromised maintainer token allowed injection of a malicious dependency that deploys a cross-platform RAT.
→ Safe version available: axios@1.14.0. Bundle update proposal ready.

Generated guardrails from this analysis:

8 guardrail files generated — 5 shown, full list in docs

These outputs are based on a supply chain incident scenario — not your repository.

Get Starter Kit on GitHub
Why DevRadar

Built for teams that don't have a security team.

Snyk manages known vulnerabilities. Socket analyzes package risk. DevRadar Guard verifies repo exposure and compiles guardrail files from a single policy bundle.

🎯

Repo-specific exposure, not generic headlines. We don't just report incidents — we verify repo exposure across your lockfile, versions, and dependency paths.

📦

Guardrail files you can commit today. CLAUDE.md, .npmrc, pre-install hooks, and GitHub Actions workflows — generated from your actual exposure, not a template.

🤖

AI agent and dependency policy in one flow. Claude Code settings, hooks, and dependency controls — compiled from a single policy bundle into one guardrail bundle.

Trust

Built to earn trust before asking for it.

🐕

Tested on our own production workflow

DevRadar Guard runs on our own codebase first. We use the same guardrails we generate for customers.

🔔

Alert-only in Alpha

No surprise PR failures. No automatic blocking. You review every recommendation before applying it.

🔒

Read-only GitHub permissions

Start with minimal permissions for repo inspection and lockfile parsing. No write access required.

📂

Open starter kit

Not ready to connect a repo? Grab our open-source starter kit on GitHub and apply baseline guardrails to your workflow.

What you get

Go from repo connection to your first bundle in minutes.

📡 1 Monitored Repo (Free tier)
📦 Initial Bundle (8 config files)
🔍 PR Check (alert-only)
📋 Briefing (Weekly / Daily)
Pricing

Start monitoring repo-specific supply chain risk in minutes.

Free
$0 / month
  • 1 repo monitored
  • Weekly briefing (7-day delay)
  • Initial guardrail bundle
  • Open starter kit access
Recommended
Pro
$39 / month
  • 5 repos monitored
  • Daily near-real-time briefing
  • Bundle generation + updates
  • PR check (alert-only)
  • Slack / Discord alerts
Start Free — No credit card required

Connect a repo — we'll check your lockfile and generate your first guardrail bundle.

Need a custom rollout for a larger team? Contact us.

DevRadar Guard helps teams reduce supply chain risk faster. It does not guarantee complete protection. See our terms for details.

FAQ

Common questions.

Do you block PRs automatically?

No. In Alpha, PR checks are alert-only. DevRadar does not block merges or fail PRs. Optional hard-blocking is planned for Beta with configurable thresholds.

What GitHub permissions do you need?

We start with read-only permissions for repository inspection and lockfile parsing. If you later opt in to automated PR comments, we'll request write access — but that's entirely optional.

What ecosystems are supported in Alpha?

Alpha supports npm (package-lock.json) and Python (poetry.lock) first. CocoaPods, SPM, and broader ecosystem support are planned for later releases.