Quickstart

This guide walks you through installing qtz-discovery-cli and running your first cryptographic asset scan in under 5 minutes.

Step 1 — Install

Download the binary for your platform and move it onto your PATH:

# macOS — Apple Silicon
curl -Lo qtz-discovery-cli https://quantizant.io/downloads/releases/qtz-discovery-cli-darwin-arm64
chmod +x qtz-discovery-cli && sudo mv qtz-discovery-cli /usr/local/bin/

# macOS — Intel
curl -Lo qtz-discovery-cli https://quantizant.io/downloads/releases/qtz-discovery-cli-darwin-amd64
chmod +x qtz-discovery-cli && sudo mv qtz-discovery-cli /usr/local/bin/

# Linux — x86_64
curl -Lo qtz-discovery-cli https://quantizant.io/downloads/releases/qtz-discovery-cli-linux-amd64
chmod +x qtz-discovery-cli && sudo mv qtz-discovery-cli /usr/local/bin/

# Windows — download qtz-discovery-cli-windows-amd64.exe from /cli and add to PATH

Verify:

qtz-discovery-cli --version
# qtz-discovery-cli version 0.1.0

Step 2 — Run your first source scan

Point the scanner at a local repo or a Git URL:

# Scan a local directory
qtz-discovery-cli scan source ./my-repo --format dashboard

# Scan a remote Git repo
qtz-discovery-cli scan source https://github.com/my-org/my-repo.git

The --format dashboard flag opens an interactive TUI showing a transition readiness score and asset breakdown. Omit it to output a CycloneDX CBOM to stdout (the default format).

Step 3 — Understand the output

Each finding is classified by quantum risk:

Level	Action
`VULNERABLE`	Immediate — broken by quantum computers (RSA, ECDSA)
`PARTIAL`	Plan transition — weaker key sizes or aging algorithms
`HYBRID`	Good — classical + PQC running together
`SAFE`	Done — quantum-resistant (ML-KEM, ML-DSA, AES-256)

Step 4 — Export the CBOM

# Save CycloneDX CBOM
qtz-discovery-cli scan source ./my-repo --format cbom --output cbom.json

# View a human-readable summary
qtz-discovery-cli report summary cbom.json

The CBOM is a machine-readable JSON file following the CycloneDX 1.7 specification. You can share it with security teams, upload it to the portal, or feed it into your SIEM.

Step 5 — Scan a network endpoint

qtz-discovery-cli scan network api.mycompany.com:443

This checks TLS version, cipher suites, certificate chain, and quantum-safe key exchange support. See scan network for the full reference.

Next Steps

Full scan source reference — all flags, SCA ecosystems, LLM analysis
scan network — TLS grade and quantum grade explained
CI/CD integration — add qtz-discovery-cli to your pipeline
Configuration — config file and portal connection
Output formats — CBOM, SARIF, JSON, CSV, dashboard