Supply Chain Risk Monitor

Supplier financial health, geopolitical risk, disruption alerts

View the interactive project page →

Supply Chain Risk Monitor

Part of the worlds-biggest-software-project initiative.

Continuous, multi-tier supplier risk intelligence built on open data — so procurement teams can detect financial, geopolitical, and ESG disruptions before they cascade.

Supply Chain Risk Monitor is an open, AI-native platform for tracking supplier financial health, geopolitical exposure, and ESG compliance across multi-tier supply networks. It is for procurement, operations, and resilience teams who need real-time disruption alerts and sub-tier visibility without the opacity and enterprise pricing of incumbent risk platforms.


Why Supply Chain Risk Monitor?

  • Enterprise-only pricing locks out the mid-market. Interos, Resilinc, Z2Data, Sphera, and Exiger are all proprietary commercial platforms with opaque enterprise pricing; no credible open-source or self-hosted alternative exists.
  • Risk scoring is a black box. Incumbent scoring methodologies (Interos i-Score, EcoVadis ratings) are proprietary and not independently auditable, leaving procurement teams unable to challenge or explain scores.
  • Sub-tier visibility depends on supplier cooperation or proprietary data moats. Building Tier-2+ maps today requires either licensed datasets (D&B, Moody's, Z2Data's 1B-component database) or labour-intensive supplier disclosure programmes.
  • Alert fatigue undermines monitoring. High-volume news and event feeds (e.g. EventWatchAI) generate noise; intelligent deduplication and relevance ranking across overlapping signals remain underdeveloped.
  • Gartner's 2026 shift demands continuous monitoring. The market is moving from reactive incident response to proactive, real-time multi-tier risk monitoring — a shift that favours AI-native, event-driven architectures over scorecard snapshots.

Key Features

Supplier Risk Scoring

  • Risk scoring across financial health, geopolitical exposure, and ESG dimensions using open data sources
  • Configurable risk thresholds and severity classification per supplier tier
  • Drill-down views into the specific risk drivers behind each score
  • Audit trail and evidence package generation for regulatory due diligence

Multi-Tier Supply Chain Mapping

  • Tier-1 supplier mapping with inferred Tier-2 relationships from public trade and company data
  • Graph-based dependency visualisation to surface upstream concentrations of risk
  • Lightweight supplier onboarding portal with self-assessment questionnaires
  • Geographic and network views of risk exposure

Real-Time Event Monitoring

  • Continuous event monitoring with alert generation leveraging GDELT and equivalent open feeds
  • Configurable alert delivery via email and webhook
  • Severity classification and relevance filtering to reduce alert fatigue
  • Disruption scenario modelling and what-if simulation (v1.1)

Compliance & Reporting

  • Compliance module covering CSRD, UFLPA, ISO 28000, and EUDR
  • Sanctions and trade-restrictions screening
  • Audit-ready reporting for regulatory submissions

Integrations

  • REST API for ERP and procurement platform integration
  • Connectors for SAP Ariba and Coupa (v1.1)
  • Optional MCP/A2A protocol support for AI agent ecosystem interoperability (backlog)

AI-Native Advantage

AI is applied to the parts of supplier risk monitoring where incumbents leave the most value on the table: inferring sub-tier relationships from public trade data and filings without requiring supplier disclosure, scoring the relevance of geopolitical events to specific supplier locations and commodities, and predicting financial distress from alternative data signals such as payment delays and leadership changes. A natural-language interface lets analysts query supplier risk directly — for example, "which suppliers in Malaysia are exposed to flood risk in the next 90 days?" — instead of navigating dense dashboards. LLM-driven regulatory monitoring tracks EUDR, UFLPA, and CSRD updates and flags impacted suppliers automatically.


Tech Stack & Deployment

The platform is designed for self-hosted and cloud deployment, with REST APIs as the primary integration surface. The reference architecture combines Neo4j for multi-tier supplier graphs, Apache Kafka for real-time event streaming, Elasticsearch for news and event aggregation, and Airflow for scheduled financial-data refresh and scoring jobs. Open data sources — GDELT, World Bank, OpenCorporates, UN Comtrade — replace licensed commercial feeds where possible. Visualisation uses D3.js and Deck.gl for interactive supply chain network and geographic risk views.


Market Context

The supply chain risk management software market is approaching USD 3 billion and is projected to exceed USD 8 billion by the early 2030s as organisations prioritise resilience investment (Z2Data). Incumbents (Interos, Resilinc, Z2Data, Exiger, Sphera, EcoVadis) are uniformly enterprise-priced, with EcoVadis charging per supplier and the rest gated behind opaque enterprise contracts. Primary buyers are procurement, operations, resilience, and compliance leaders in regulated and supply-chain-sensitive sectors including manufacturing, electronics, automotive, defence, and consumer goods.


Project Status

This project is in the research and specification phase.
Contributions, feedback, and domain expertise are welcome.


Contributing

We welcome contributions from developers, domain experts, and potential users. See CONTRIBUTING.md for guidelines.

Important: All contributions must be your own original work or clearly attributed open-source material with a compatible licence. Copyright infringement and licence violations will not be tolerated and will result in immediate removal of the offending contribution. If you are unsure whether a piece of code, text, or other material is safe to contribute, open an issue and ask before submitting.


Licence

Licence to be determined. See discussion for context.