rorix scan
Scan your .NET project dependencies for known vulnerabilities, license compliance issues, and supply chain risks.
Usage

    rorix scan [path] [options]

If no path is provided, Rorix scans the current directory.
Options
| Option | Default | Description |
| --- | --- | --- |
| --format | table | Output format: table, json, or sarif |
| --exit-code | false | Exit with code 1 if vulnerabilities are found |
| --policy | — | Path to a .rorix.yml policy file |
| --severity | — | Minimum severity to report: low, medium, high, critical |
| --output | — | Write results to a file instead of stdout |
Examples
Scan the current directory

    rorix scan

Scan a specific project

    rorix scan ./src/MyApp/MyApp.csproj

Output as JSON

    rorix scan --format json

Fail in CI when vulnerabilities are found

    rorix scan --exit-code

Enforce a policy file

    rorix scan --policy .rorix.yml --exit-code

Generate SARIF output for GitHub Security tab

    rorix scan --format sarif --output results.sarif

Exit Codes
| Code | Meaning |
| --- | --- |
| 0 | Scan completed, no issues (or no policy violations) |
| 1 | Vulnerabilities found (when --exit-code is set) or policy violations |
| 2 | Configuration or authentication error |
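
A CI gate built on the exit codes above, as an added example that is not part of the Rorix documentation. It assumes the documented flags can be combined in one invocation; `classify_exit`, `scan_gate`, `REPORT` and `POLICY` are hypothetical names.

```shell
# Added example: map the documented rorix exit codes to CI outcomes.
# Assumption: --policy, --exit-code, --format and --output compose in one call.

# classify_exit CODE -> prints pass | findings | scanner-error | unknown
classify_exit() {
  case "$1" in
    0) echo "pass" ;;           # scan completed, no issues / no policy violations
    1) echo "findings" ;;       # vulnerabilities (with --exit-code) or policy violations
    2) echo "scanner-error" ;;  # configuration or authentication error
    *) echo "unknown" ;;        # not in the documented table
  esac
}

# scan_gate [PATH] -> returns 0 only when the scan completed with nothing to report.
# --exit-code is always passed: per the table, vulnerabilities alone do not
# produce exit code 1 unless it is set.
scan_gate() {
  local target="${1:-.}"
  local report="${REPORT:-results.sarif}"   # hypothetical env override
  local policy="${POLICY:-.rorix.yml}"      # hypothetical env override
  local code=0
  rorix scan "$target" --policy "$policy" --exit-code \
    --format sarif --output "$report" || code=$?
  case "$(classify_exit "$code")" in
    pass)          echo "rorix: clean" >&2; return 0 ;;
    findings)      echo "rorix: findings, see $report" >&2; return 1 ;;
    # Keep code 2 distinct from "findings": a misconfigured or unauthenticated
    # scan gives no verdict on the dependencies, so the build fails closed.
    scanner-error) echo "rorix: configuration or authentication error" >&2; return 2 ;;
    *)             echo "rorix: unexpected exit code $code" >&2; return 3 ;;
  esac
}

# In a CI step: scan_gate ./src/MyApp/MyApp.csproj
```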