Qryon Documentation

Complete guide to using Qryon for security scanning and code analysis.

What is Qryon?

Qryon is a high-performance static security analyzer built in Rust. It scans codebases for security vulnerabilities, code quality issues, and potential bugs across multiple programming languages.

Key Features

  • Blazing Fast - Scans millions of lines of code in seconds using parallel processing
  • Polyglot Support - JavaScript, TypeScript, Python, Rust, Go, and Java
  • 647+ Security Rules - Comprehensive coverage of OWASP Top 10 vulnerabilities
  • Cross-File Taint Analysis - Track data flows across file boundaries
  • Call Graph Generation - Visualize function relationships with security context
  • Interactive TUI - Browse findings with keyboard navigation
  • CI/CD Integration - SARIF output for GitHub Code Scanning
  • Analysis Caching - Content-hash based caching for fast re-scans

Supported Languages

Language     Extensions         Parser
JavaScript   .js, .jsx, .mjs    tree-sitter + oxc
TypeScript   .ts, .tsx          tree-sitter + oxc
Python       .py                tree-sitter
Rust         .rs                tree-sitter
Go           .go                tree-sitter
Java         .java              tree-sitter

Quick Example

# Install Qryon
npm install -g rma-cli

# Scan your project
rma scan .

# Interactive mode
rma scan --interactive

# Output SARIF for GitHub
rma scan . --format sarif > results.sarif

Architecture Overview

Qryon is built as a modular Rust workspace with the following crates:

  • rma-cli - Command-line interface and TUI
  • rma-analyzer - Core analysis engine
  • rma-parser - Language parsing with tree-sitter
  • rma-rules - 647+ Semgrep-compatible rules
  • rma-common - Shared types and utilities
  • rma-lsp - Language Server Protocol support

Getting Help

If you need help with Qryon: