Point at a repo or a list of packages, scan for known vulnerabilities, get a report with severity and fix version. Runs on a schedule, alerts on new CVEs. Snyk without the SaaS.
Every operation in Scout is available through a JSON REST API. No SDK required — use curl, fetch, or any HTTP client.
GET /api/targets — list all targets with optional search and filter query parametersPOST /api/targets — create a new target recordGET /api/targets/{id} — retrieve a single target by IDPUT /api/targets/{id} — update an existing targetDELETE /api/targets/{id} — remove a targetGET /api/stats — aggregated statistics with status breakdownGET /api/health — health check endpoint for monitoringSelf-hosting used to mean spending a weekend configuring Docker, Postgres, Redis, and an Nginx reverse proxy. Scout skips all of that. It compiles to a static binary with an embedded database, so there is nothing to install and nothing to maintain.
Deploy Scout as a systemd service, a Docker container, or a bare process behind tmux. It reads two environment variables: PORT and DATA_DIR. Everything else is self-contained. The /api/health endpoint returns the service status and targets count, which you can wire into your existing monitoring stack.
An agency managing targets for multiple clients runs one Scout instance per client on isolated VMs. Each instance gets its own data directory. There is no shared database, no multi-tenant risk, no worry about one client's data appearing in another client's export.
GET /api/targets — List all targets. Supports ?q=keyword for search and ?status=value for filteringPOST /api/targets — Create a new target. Send JSON with at least nameGET /api/targets/{id} — Fetch one target by IDPUT /api/targets/{id} — Update fields on an existing targetDELETE /api/targets/{id} — Remove a targetGET /api/stats — Returns total count and breakdown by statusGET /api/health — Returns {"status":"ok"} for uptime monitoringSelf-hosted dependency scanner. Self-hosted on your infrastructure. Your data never leaves your server.
curl -fsSL https://stockyard.dev/install.sh | sh -s -- --tool scout
PORT=8630 ./scout
http://localhost:8630
Single binary. Embedded SQLite. No Docker. No database. No dependencies.
Your license key arrives by email within 5 minutes of checkout. Set it as an environment variable and restart the binary.
export SCOUT_LICENSE_KEY=stockyard_xxxxxxxxxxxxxxxxxxxx ./scout
No cloud connectivity required. The binary validates the key offline with Ed25519 signatures.