API reference

Endpoints

Five endpoints. Health is public; everything else requires Authorization: Bearer qb_….

Base URL: https://api.qorbom.com. All endpoints are HTTPS-only; HTTP is hard-redirected via HSTS.

Service health + spec versions advertised

GET /api/v1/cbom/health (Public)

Public endpoint — handy for sanity-checking your network reach before adding the API key.

Enqueue a CBOM scan for a public GitHub repo

POST /api/v1/cbom/scans (Auth required)
Request body
{
  "repo_url":        "https://github.com/owner/repo",
  "project_name":    "my-project",        // optional
  "project_version": "1.2.3"              // optional, defaults to "1.0.0"
}
201 response
{
  "id":                  "cbom_a1b2c3d4e5f6g7h8",
  "status":              "queued",
  "tenant_id":           "tnt_...",
  "tenant_kind":         "partner",
  "methodology_version": "qortrace-cbom-method-v0.1"
}

List your tenant's recent scans (most recent first)

GET /api/v1/cbom/scans?limit=50 (Auth required)
200 response
{
  "scans": [ { "id": "cbom_...", "status": "completed", "score": 78, ... } ],
  "count": 4
}

Retrieve a scan's status, findings summary, and metadata

GET /api/v1/cbom/scans/{scan_id} (Auth required)

Status progresses queued → downloading → scanning → completed (or failed). Findings + components arrays are included; BOMs are NOT (use bom.json for those).

Download the CycloneDX 1.6 or SPDX 3.0.1 BOM

GET /api/v1/cbom/scans/{scan_id}/bom.json?format=cyclonedx (Auth required)

Pass ?format=spdx for SPDX 3.0.1 output. Returns 409 if status is not completed.
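The three authenticated calls above chained into one flow, as an added example (not QorBOM's own client code): enqueue, poll until a terminal status, then download the BOM, treating 409 as "not ready". The `QORBOM_API_KEY` variable name, the 200 status on the single-scan and BOM reads, and the `status` field in the single-scan response are assumptions; the key is read from the environment so it never lands in source control.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.qorbom.com"  # from the page; always https so the token is never sent in clear
TERMINAL = {"completed", "failed"}   # terminal states listed on the page

def http_call(method, path, body=None):
    """Send one authenticated request; return (status_code, parsed_json)."""
    # QORBOM_API_KEY is an assumed variable name, not one defined by the docs.
    headers = {"Authorization": "Bearer " + os.environ["QORBOM_API_KEY"]}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(BASE_URL + path, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # error body shape is undocumented; keep the code only
        return err.code, {}

def scan_and_fetch_bom(repo_url, fmt="cyclonedx", call=http_call, poll_seconds=5, max_polls=120, sleep=time.sleep):
    """Enqueue a scan, poll until it reaches a terminal status, then download the BOM."""
    if fmt not in ("cyclonedx", "spdx"):
        raise ValueError("format must be 'cyclonedx' or 'spdx'")
    status, created = call("POST", "/api/v1/cbom/scans", {"repo_url": repo_url})
    if status != 201:
        raise RuntimeError(f"enqueue failed: HTTP {status}")
    scan_id = created["id"]
    for _ in range(max_polls):
        status, scan = call("GET", f"/api/v1/cbom/scans/{scan_id}")
        if status != 200:  # assumed success code for this read
            raise RuntimeError(f"status check failed: HTTP {status}")
        if scan["status"] in TERMINAL:
            break
        sleep(poll_seconds)
    else:
        raise TimeoutError(f"scan {scan_id} did not finish after {max_polls} polls")
    if scan["status"] == "failed":
        raise RuntimeError(f"scan {scan_id} failed")
    status, bom = call("GET", f"/api/v1/cbom/scans/{scan_id}/bom.json?format={fmt}")
    if status == 409:  # page: 409 means the scan status is not completed
        raise RuntimeError(f"BOM for {scan_id} not ready (HTTP 409)")
    if status != 200:
        raise RuntimeError(f"BOM download failed: HTTP {status}")
    return scan_id, bom
```

Passing a different `call` function lets the same flow run against a stub in CI without a live key.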
