Scan Commands
qtz-discovery-cli provides scan modalities under the scan command.
Each modality targets a different layer of your cryptographic attack surface.
Available Modalities
| Command | What it scans |
|---|---|
| scan source | Source code repos — AI-driven SAST + SCA for crypto patterns and libraries |
| scan binary | Compiled binaries and firmware — ELF, PE, Mach-O, archives, and more, without source code |
| scan network | Live TLS/SSH endpoints — cipher suites, certificates, PQC key exchange |
Experimental Modalities
Enable with the --experimental global flag. These modalities are functional but
their CLI interface may change in future releases.
| Command | What it scans |
|---|---|
| scan iac <path> | Terraform, CloudFormation, and Pulumi files — cryptographic resource declarations, deprecated TLS policies, weak key specs |
| scan runtime | Live processes, containers, images, and OS trust stores — includes eBPF/DTrace crypto tracing (requires elevated privilege) |
| scan infra | Cloud KMS/HSM inventory — AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault |
```bash
# Enable experimental modalities
qtz-discovery-cli --experimental scan iac ./infra
qtz-discovery-cli --experimental scan infra --provider aws --region us-east-1
qtz-discovery-cli --experimental scan runtime --pid 1234
```

Common Output Flags
All scan commands accept these output flags:
```text
--format cyclonedx|sarif|json|csv|table|dashboard   Output format (default: cyclonedx)
--output <file>                                      Write output to file (default: stdout)
--upload                                             Upload findings to Quantizant portal
```

Combining Scans
Run multiple scan types and merge findings into a single CBOM:
```bash
# Scan source + network in sequence, upload both
qtz-discovery-cli scan source . --format cyclonedx --output source.json --upload
qtz-discovery-cli scan network api.mycompany.com:443 --format cyclonedx --output network.json --upload
```
When --upload is set, both CBOMs are merged on the portal into a unified asset inventory.
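If you need one merged CBOM locally without uploading, the following added Python example (not part of qtz-discovery-cli or this page) combines two CycloneDX JSON documents by keeping each component once, keyed on its bom-ref. The sample CBOMs are constructed stand-ins for source.json and network.json, and the assumption that the CLI emits stable bom-ref values across scans is mine.

```python
import json
import sys
from pathlib import Path

# Constructed stand-ins for source.json and network.json. They follow the
# CycloneDX 1.6 JSON layout but are NOT real qtz-discovery-cli output.
SOURCE_CBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.2",
         "bom-ref": "pkg:generic/openssl@3.0.2"},
        {"type": "cryptographic-asset", "name": "RSA-2048",
         "bom-ref": "crypto/algorithm/rsa-2048",
         "cryptoProperties": {"assetType": "algorithm"}},
    ],
}
NETWORK_CBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "components": [
        # The same asset observed on the wire: it must appear once after merging.
        {"type": "cryptographic-asset", "name": "RSA-2048",
         "bom-ref": "crypto/algorithm/rsa-2048",
         "cryptoProperties": {"assetType": "algorithm"}},
        {"type": "cryptographic-asset", "name": "TLS_AES_128_GCM_SHA256",
         "bom-ref": "crypto/protocol/tls-aes-128-gcm-sha256",
         "cryptoProperties": {"assetType": "protocol"}},
    ],
}

def component_key(comp):
    # bom-ref is unique within a BOM (assumed stable across scans); fall back to (type, name, version).
    return comp.get("bom-ref") or (comp.get("type"), comp.get("name"), comp.get("version", ""))

def merge_cboms(*boms):
    merged = {"bomFormat": "CycloneDX", "specVersion": "1.6", "components": []}
    seen = set()
    for bom in boms:
        if bom.get("bomFormat") != "CycloneDX":
            raise ValueError("input is not a CycloneDX document")
        for comp in bom.get("components", []):
            key = component_key(comp)
            if key not in seen:          # drop components already recorded by an earlier scan
                seen.add(key)
                merged["components"].append(comp)
    return merged

if __name__ == "__main__":
    # Usage: python merge_cbom.py source.json network.json > merged.json
    inputs = [json.loads(Path(p).read_text()) for p in sys.argv[1:]] or [SOURCE_CBOM, NETWORK_CBOM]
    print(json.dumps(merge_cboms(*inputs), indent=2))
```

Run it with no arguments to see the merge of the two constructed CBOMs; the duplicate RSA-2048 entry is kept only once.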