.NET security at engineering speed.
Why .NET teams need dedicated security
Generalist tools leave gaps. Rorix fills them.
NuGet vulnerabilities hide in transitive dependencies
Most teams only check direct packages — missing the 80% of vulnerabilities buried in transitive dependency chains three or four levels deep.
Generic scanners don't understand .NET
Tools like Snyk and GitHub treat NuGet as an afterthought. No support for Directory.Packages.props, global.json, or multi-TFM resolution.
Compliance reports shouldn't take a sprint
SBOM generation, license audits, and vulnerability reports are still manual and painful. Security reviews block releases instead of enabling them.
From scan to fix in minutes
A complete security workflow built for .NET engineers.
Scan every .NET format
Upload a .csproj, point at a .sln, or trigger via CI. Rorix auto-discovers all project files and resolves the full dependency graph — including transitive packages across target frameworks.
- .csproj, .sln, packages.config
- Directory.Packages.props, global.json
- nuget.config, .deps.json, lock files
Everything you need to secure .NET
Purpose-built for the .NET ecosystem. Not a generalist afterthought.
Vulnerability Scanning
Deep audit with CVSS scores, CWE IDs, fix versions, and remediation guidance powered by OSV.
SBOM Generation
CycloneDX 1.6 and SPDX 2.3 compliant SBOMs with full license data included.
License Compliance
Classify licenses as permissive, copyleft, or unknown. Enforce allowlist and blocklist policies.
Typosquatting Detection
Levenshtein distance analysis against top NuGet packages to catch malicious name squatting.
Dependency Graph
Interactive visualization of your full dependency tree with transitive path highlighting.
All .NET Formats
.csproj, .sln, packages.config, Directory.Packages.props, global.json, nuget.config, .deps.json.
Embeddable Badges
SVG badges for your README showing security grade and vulnerability count.
GitHub Action
Audit on every PR. Auto-comment results, fail on critical vulnerabilities or grade thresholds.
Embeddable badges for your README
Show your security posture with live-updating SVG badges. Drop them into any README, wiki, or dashboard.
Add to your README.md:
<!-- Grade badge -->

<!-- Vulnerability count badge -->
- 300k+ NuGet packages monitored
- 50k+ known vulnerabilities tracked
- 7 .NET project formats supported
- 3 advisory sources aggregated
Fits into your stack on day one
No rip-and-replace. Works with the tools you already use.
Enterprise ready from day one
Built with the guardrails your security and compliance teams require.
SSO & SAML
Single sign-on via Entra ID, Okta, and any SAML/OIDC provider. One login for your entire security team.
Role-Based Access Control
Admin, Security, Developer, and Viewer roles with project-level permissions. Scoped API keys for CI/CD.
Compliance Reports
Pre-built templates for SOC 2 Type II, ISO 27001, FedRAMP, and PCI DSS 4.0. Exportable PDF and CSV evidence.
Audit Trail
Every scan, policy change, override, and user action logged with timestamp and actor. SIEM integration via webhooks.
Scan your first project in 30 seconds
Upload a .csproj file or paste your project and get a full security audit — vulnerabilities, licenses, typosquatting, and an overall grade.