Supplier Shield includes an automated OSINT scanner that evaluates six security dimensions of a supplier's public internet footprint: DNS configuration (SPF, DKIM, DMARC), TLS certificate validity and protocol strength, web security headers (HSTS, CSP, X-Frame-Options), known data breach exposure, domain reputation, and open port exposure. Each dimension receives an A–F letter grade. The composite OSINT score feeds into the supplier's overall risk profile alongside the manual dependency/penetration/exposure scoring. Scans can be triggered on demand or scheduled automatically at configurable intervals.