Rorix Documentation

Rorix is a comprehensive security platform for .NET applications. It combines vulnerability scanning, software composition analysis, pentesting, and policy enforcement into a single tool — so you can ship with confidence.

What Rorix Does

  • Vulnerability Scanning — analyze NuGet dependencies against known CVEs and advisories
  • SBOM Generation — produce CycloneDX and SPDX software bills of materials for compliance
  • License Compliance — detect package licenses and flag policy violations
  • Policy Enforcement — define rules that block builds when security thresholds are breached
  • Pentesting — run Nuclei scans and API fuzzing against web targets
  • Trusted Registry — rebuild and approve NuGet packages before developers can restore them
  • Container Security — scan Docker images and ECR registries for vulnerabilities
  • Dependency Graphs — visualize your full dependency tree to understand transitive risk

Getting Started

The fastest way to get started is the Quickstart guide — install the CLI, authenticate, and run your first scan in under 5 minutes.

There are three ways to use Rorix:

  1. Dashboard — the web interface at rorix.io/dashboard for managing projects, viewing results, and configuring settings
  2. CLI — the rorix command-line tool for scanning locally and in CI pipelines
  3. API — RESTful endpoints for programmatic access and custom integrations

Choose Your Integration

| Integration | Best For |
|---|---|
| CLI | Local development, scripts, and custom CI pipelines |
| GitHub Actions | Automated PR checks and scheduled scans on GitHub |
| Azure DevOps | Pipeline tasks for Azure DevOps projects |
| Dashboard | Team visibility, project management, and quick scans |
| API | Building custom integrations and automation workflows |