Scan API

Submit .NET dependency manifests for vulnerability analysis and license compliance checks.

POST /api/audit

Authenticated endpoint for scanning dependencies. Returns detailed vulnerability and license data.

Request

curl -X POST https://rorix.io/api/audit \
  -H "Authorization: Bearer rxk_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "<Project Sdk=\"Microsoft.NET.Sdk\">\n  <ItemGroup>\n    <PackageReference Include=\"Newtonsoft.Json\" Version=\"12.0.3\" />\n    <PackageReference Include=\"Microsoft.Data.SqlClient\" Version=\"4.1.0\" />\n  </ItemGroup>\n</Project>",
    "filename": "MyApp.csproj",
    "targetFramework": "net8.0",
    "licensePolicy": ["GPL-2.0", "GPL-3.0"]
  }'

Parameters

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| content | Yes | string | Contents of the project file |
| filename | Yes | string | Name of the file (used to determine parser) |
| targetFramework | No | string | Target framework moniker (e.g., net8.0) |
| licensePolicy | No | string[] | List of blocked SPDX license identifiers |

Response

{
  "packages": [
    {
      "name": "Newtonsoft.Json",
      "version": "12.0.3",
      "latestVersion": "13.0.3",
      "license": "MIT",
      "vulnerabilities": [
        {
          "id": "GHSA-5crp-9r3c-p9vr",
          "severity": "high",
          "title": "Improper Handling of Exceptional Conditions",
          "fixedIn": "13.0.1"
        }
      ]
    },
    {
      "name": "Microsoft.Data.SqlClient",
      "version": "4.1.0",
      "latestVersion": "5.2.0",
      "license": "MIT",
      "vulnerabilities": [
        {
          "id": "CVE-2024-0056",
          "severity": "critical",
          "title": "SQL Client Information Disclosure",
          "fixedIn": "5.1.4"
        }
      ]
    }
  ],
  "grade": "C",
  "score": 62,
  "summary": {
    "totalPackages": 2,
    "totalVulnerabilities": 2,
    "critical": 1,
    "high": 1,
    "medium": 0,
    "low": 0,
    "outdated": 2,
    "licenseViolations": 0
  }
}
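A CI gate built on this endpoint, as an added example that is not part of the Rorix documentation: it builds the request body with a JSON encoder instead of hand-escaping the project XML, and fails the build on findings at or above a chosen severity. The `RORIX_API_KEY` environment variable name, the function names, and the fail-closed handling of unrecognized severity strings are assumptions.

```python
import json
import os
import urllib.request

AUDIT_URL = "https://rorix.io/api/audit"  # endpoint from the page
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def build_request(manifest_text, filename, blocked_licenses=(), target_framework=None):
    """Build the JSON body; json.dumps handles quote and newline escaping."""
    body = {"content": manifest_text, "filename": filename}
    if target_framework:
        body["targetFramework"] = target_framework
    if blocked_licenses:
        body["licensePolicy"] = list(blocked_licenses)
    return json.dumps(body).encode("utf-8")

def submit(body):
    """POST to /api/audit; the key is read from RORIX_API_KEY (assumed name)."""
    req = urllib.request.Request(AUDIT_URL, data=body, method="POST", headers={
        "Authorization": "Bearer " + os.environ["RORIX_API_KEY"],
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def gate(result, fail_at="high"):
    """Return build-failing findings; unrecognized severities count as critical."""
    threshold = SEVERITY_RANK[fail_at]
    findings = []
    for pkg in result.get("packages", []):
        for vuln in pkg.get("vulnerabilities", []):
            rank = SEVERITY_RANK.get(str(vuln.get("severity", "")).lower(), 4)
            if rank >= threshold:
                findings.append(f'{pkg["name"]} {pkg["version"]}: {vuln["id"]}, fixed in {vuln.get("fixedIn")}')
    violations = result.get("summary", {}).get("licenseViolations", 0)
    if violations:
        findings.append(f"{violations} license policy violation(s)")
    return findings

# Trimmed copy of the sample response shown on the page, so this runs offline.
SAMPLE = {"packages": [
    {"name": "Newtonsoft.Json", "version": "12.0.3", "vulnerabilities": [
        {"id": "GHSA-5crp-9r3c-p9vr", "severity": "high", "fixedIn": "13.0.1"}]},
    {"name": "Microsoft.Data.SqlClient", "version": "4.1.0", "vulnerabilities": [
        {"id": "CVE-2024-0056", "severity": "critical", "fixedIn": "5.1.4"}]}],
    "summary": {"licenseViolations": 0}}

if __name__ == "__main__":
    print("\n".join("FAIL: " + f for f in gate(SAMPLE)))
```

In a pipeline, call `gate(submit(build_request(...)))` and exit non-zero when the returned list is non-empty.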

POST /api/scan

Rate-limited public endpoint. No authentication is required, but requests are limited to 10 per minute. Accepts the same parameters and returns the same response format as /api/audit.

curl -X POST https://rorix.io/api/scan \
  -H "Content-Type: application/json" \
  -d '{
    "content": "...",
    "filename": "MyApp.csproj"
  }'

POST /api/projects/:id/scan

Trigger a scan for a specific project. The project must already exist and have a linked repository or uploaded manifest.

curl -X POST https://rorix.io/api/projects/proj_abc123/scan \
  -H "Authorization: Bearer rxk_your_api_key_here"

Returns the scan result in the same format as /api/audit.