Get started

SDKs & samples

The Partner API is small enough that a hand-rolled HTTP client is the right choice for most teams, with no SDK lock-in. If you'd rather not write that plumbing yourself, two official thin wrappers (Python and Go) handle retries, exponential backoff, and signature verification.

Official SDKs

Python: qorbom (source on GitHub)
    pip install qorbom

Go: github.com/qortrace/qorbom-go (source on GitHub)
    go get github.com/qortrace/qorbom-go

Community SDKs. Node, Ruby, Rust, and PHP libraries are maintained by the community. They aren't audited by QorBOM — review the source before depending on them.

First call with the SDK

import os
from qorbom import Client

q = Client(api_key=os.environ["QORBOM_KEY"])

# Submit + wait (handles polling for you, default timeout 90s)
scan = q.scans.create_and_wait(
    repo_url="https://github.com/octocat/Hello-World"
)

print(scan.score, scan.findings_total)

# CycloneDX BOM as a dict
bom = q.scans.bom(scan.id, format="cyclonedx")
print(bom["bomFormat"], bom["specVersion"])
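
A consumer-side check on the BOM fetched above, as an added example (not QorBOM's or the SDK's own code): it walks a CycloneDX dict and reports components that lack a purl, a version, or any hash stronger than MD5/SHA-1. The function names, the accepted spec versions and the sample BOM are assumptions constructed here, and it assumes the dict returned by q.scans.bom(...) follows the standard CycloneDX JSON layout.

```python
# Assumptions: the spec versions accepted here; hash names are the CycloneDX enum minus MD5/SHA-1.
SUPPORTED_SPEC_VERSIONS = {"1.4", "1.5", "1.6"}
STRONG_HASHES = {"SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384",
                 "SHA3-512", "BLAKE2b-256", "BLAKE2b-384", "BLAKE2b-512", "BLAKE3"}


def walk_components(components):
    """Yield every component, descending into nested "components" arrays."""
    for comp in components or []:
        yield comp
        yield from walk_components(comp.get("components"))


def triage_bom(bom):
    """Return (component, problem) pairs for entries that cannot be pinned or verified."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    if bom.get("specVersion") not in SUPPORTED_SPEC_VERSIONS:
        raise ValueError(f"unsupported specVersion: {bom.get('specVersion')!r}")
    problems = []
    for comp in walk_components(bom.get("components")):
        ref = comp.get("purl") or f'{comp.get("name", "?")}@{comp.get("version", "?")}'
        if not comp.get("purl"):
            problems.append((ref, "no purl"))
        if not comp.get("version"):
            problems.append((ref, "no version"))
        algs = {h.get("alg") for h in comp.get("hashes") or []}
        if not algs & STRONG_HASHES:
            problems.append((ref, "no strong hash"))
    return problems

# Constructed sample BOM, not real scan output; digests are dummy values.
OK_HASH = [{"alg": "SHA-256", "content": "0" * 64}]
SAMPLE_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0", "hashes": OK_HASH},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0",
         "hashes": [{"alg": "MD5", "content": "0" * 32}]},
        {"type": "application", "name": "vendored-app", "version": "1.0",
         "purl": "pkg:generic/vendored-app@1.0", "hashes": OK_HASH,
         "components": [{"type": "library", "name": "libfoo"}]},
    ],
}

if __name__ == "__main__":
    print(*triage_bom(SAMPLE_BOM), sep="\n")
```

With the SDK, the same function would be called as triage_bom(bom) on the dict from the snippet above.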

Or just plain HTTP

Every endpoint is a single request. See Quickstart for curl, Python (requests), Node (axios), and Go (net/http) recipes without any SDK dependency.

Postman collection

A pre-built Postman 2.1 collection is available on the interactive API reference page: click Export → Postman. The collection includes a sandbox environment with all required headers and a working example for every endpoint.
