.qt-noscript-shell{position:fixed;inset:0;background:#04091a;color:#e5edf7;font-family:ui-sans-serif,system-ui,sans-serif;display:flex;align-items:center;justify-content:center;padding:24px;z-index:99999}.qt-noscript-card{max-width:560px;width:100%;background:rgba(8,18,42,.6);border:1px solid rgba(0,229,255,.22);border-radius:16px;padding:32px;box-shadow:0 0 60px rgba(0,229,255,.08)}.qt-noscript-eyebrow{font-family:ui-monospace,SFMono-Regular,Menlo,monospace;font-size:11px;letter-spacing:.25em;text-transform:uppercase;color:#67e8f9;margin-bottom:14px}.qt-noscript-title{font-size:30px;line-height:1.15;font-weight:700;color:#fff;letter-spacing:-.01em;margin:0 0 16px}.qt-noscript-body{font-size:15px;line-height:1.6;color:#b5c5dd;margin:0 0 18px}.qt-noscript-list{font-size:14px;line-height:1.65;color:#b5c5dd;margin:0 0 22px;padding-left:18px}.qt-noscript-list li{margin-bottom:6px}.qt-noscript-list code{font-family:ui-monospace,SFMono-Regular,Menlo,monospace;font-size:13px;color:#67e8f9;background:rgba(0,229,255,.08);padding:1px 6px;border-radius:4px}.qt-noscript-actions{display:flex;flex-wrap:wrap;gap:10px}.qt-noscript-btn{display:inline-flex;align-items:center;gap:6px;padding:10px 18px;border-radius:999px;font-size:13px;font-weight:600;letter-spacing:.02em;text-decoration:none;border:1px solid rgba(0,229,255,.4);color:#e5edf7}.qt-noscript-btn-primary{background:#67e8f9;color:#04091a;border-color:#67e8f9}.qt-noscript-foot{margin-top:22px;font-family:ui-monospace,SFMono-Regular,Menlo,monospace;font-size:11px;letter-spacing:.15em;color:#5d7394;text-transform:uppercase}

JavaScript required

QorTrace needs JavaScript to run.

QorTrace is a cryptographic risk and PQC migration platform. The interface, live scans, and methodology viewer all run in your browser — they can't render without JavaScript.

Enable JavaScript for qortrace.com in your browser settings, then refresh.
Using a privacy extension (NoScript, uBlock, Brave Shields)? Allow scripts for this site only.
Just need the methodology or a sample report? Use the static fallbacks below.

Email for static methodology PDF View raw sample audit

QorTrace — methodology qortrace-method-v0.2

Get started · 5 minutes

Quickstart

Submit a scan, poll for completion, download the BOM. Five lines of code, two SDKs, zero setup.

Live API reference OpenAPI 3.1 JSON Apply for a key

Prerequisites

You need a QorBOM™ Partner API key. New partners get a sandbox key (prefix qb_test_) within two business days of applying. See Authentication for the full key format + storage guidance.

Three calls, three minutes

Pick a language. Every snippet below shows the exact same flow: submit a public GitHub URL, poll until done, fetch the BOM.

# 1. Submit a scan
curl -X POST "https://qortrace.com/api/v1/cbom/scans" \
  -H "Authorization: Bearer $QORBOM_KEY" \
  -H "Content-Type: application/json" \
  -d '{"repo_url": "https://github.com/octocat/Hello-World"}'

# 2. Poll (response status: queued → scanning → completed)
curl "https://qortrace.com/api/v1/cbom/scans/cbom_xxxxxxxxxxxxxxxx" \
  -H "Authorization: Bearer $QORBOM_KEY"

# 3. Download CycloneDX BOM (or ?format=spdx)
curl "https://qortrace.com/api/v1/cbom/scans/cbom_xxxxxxxxxxxxxxxx/bom.json" \
  -H "Authorization: Bearer $QORBOM_KEY" > bom.json

Async scans. Scans run on a worker pool. Most public-repo scans take 20–30 seconds. Use webhooks (see Webhooks) to skip polling on production integrations.

Try it now — no signup

Paste any public GitHub repo URL. We'll run a real QorBOM™ scan and show you the readiness summary. One scan per IP per 24 hours.

Where to next

Authentication — key format, header, rotation, scopes
Endpoints — every route + request/response schema
Webhooks — push-style scan-complete notifications