Scan Commands

qtz-discovery-cli provides two scan modalities under the scan command. Each modality targets a different layer of your cryptographic attack surface.

Available Modalities

Command         What it scans
scan source     Source code repos — SAST + SCA for crypto patterns and libraries
scan network    Live TLS/SSH endpoints — cipher suites, certificates, PQC key exchange

Common Output Flags

All scan commands accept these output flags:

--format  cbom|sarif|json|csv|table|dashboard   Output format (default: cbom)
--output  <file>                                 Write output to file (default: stdout)
--upload                                          Upload findings to Quantizant portal

Combining Scans

Run multiple scan types and merge findings into a single CBOM:

# Scan source + network in sequence, upload both
qtz-discovery-cli scan source . --format cbom --output source.json --upload
qtz-discovery-cli scan network api.mycompany.com:443 --format cbom --output network.json --upload

When --upload is set, both CBOMs are merged on the portal into a unified asset inventory.
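
For runs without --upload, source.json and network.json can be merged locally into one inventory. This is an added example, not part of qtz-discovery-cli or its documentation. It assumes the cbom output is CycloneDX 1.6 JSON (the page does not state the schema); the sample documents and the asset_key and merge_cboms helpers are constructed for illustration.

```python
import copy
import json

# Constructed samples standing in for source.json and network.json.
# Assumption: CycloneDX 1.6 layout; not taken from real tool output.
SOURCE_CBOM = {"bomFormat": "CycloneDX", "specVersion": "1.6", "components": [
    {"type": "cryptographic-asset", "name": "RSA-2048",
     "cryptoProperties": {"assetType": "algorithm"},
     "evidence": {"occurrences": [{"location": "src/auth/jwt.py"}]}},
    {"type": "library", "bom-ref": "pkg:pypi/cryptography@41.0.0",
     "name": "cryptography"}]}
NETWORK_CBOM = {"bomFormat": "CycloneDX", "specVersion": "1.6", "components": [
    {"type": "cryptographic-asset", "name": "rsa-2048",
     "cryptoProperties": {"assetType": "algorithm"},
     "evidence": {"occurrences": [{"location": "api.example.test:443"}]}},
    {"type": "cryptographic-asset", "name": "TLSv1.2",
     "cryptoProperties": {"assetType": "protocol"},
     "evidence": {"occurrences": [{"location": "api.example.test:443"}]}}]}


def asset_key(comp):
    """Identity used to de-duplicate a component across scans."""
    if comp.get("type") == "cryptographic-asset":
        kind = comp.get("cryptoProperties", {}).get("assetType", "")
        return ("crypto", kind, comp.get("name", "").lower())
    return ("other", comp.get("bom-ref") or comp.get("name", ""))


def merge_cboms(*boms):
    """Merge components, unioning the evidence locations of duplicates."""
    merged = {}
    for bom in boms:
        if bom.get("bomFormat") != "CycloneDX":
            raise ValueError("input is not a CycloneDX document")
        for comp in bom.get("components", []):
            key = asset_key(comp)
            if key not in merged:
                merged[key] = copy.deepcopy(comp)  # never mutate the inputs
                continue
            seen = merged[key].setdefault("evidence", {}).setdefault("occurrences", [])
            for occ in comp.get("evidence", {}).get("occurrences", []):
                if occ not in seen:
                    seen.append(occ)
    return {"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
            "components": list(merged.values())}


if __name__ == "__main__":
    print(json.dumps(merge_cboms(SOURCE_CBOM, NETWORK_CBOM), indent=2))
```

An algorithm seen in both scans ends up as one entry that lists both the source file and the endpoint where it was observed.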