Qryon — Find security vulnerabilities in seconds. 647+ rules, 28 languages, 10x faster than Semgrep. Free & open source CLI.
bumahkib7/qryon
Qryon

Find security vulnerabilities in seconds, not minutes.


```sh
# Install in 10 seconds
npm install -g qryon

# Find vulnerabilities instantly
qryon scan .
```

[Screenshot: Qryon scanning a codebase and finding vulnerabilities]


Why Qryon?

| Feature | Qryon | Semgrep OSS | CodeQL |
|---|---|---|---|
| Scan 1M lines | 45s | 8+ min | 15+ min |
| Languages | 28 | 30+ | 12 |
| Setup | `npm i -g qryon` | Docker/pip | Complex |
| Rules | 647+ | 2500+ | Varies |
| Cross-file taint | Yes | Pro only | Yes |
| Single binary | Yes | No | No |
| Price | Free | Free/Paid | Free |

Qryon is 10x faster because it compiles Semgrep rules to native Rust matchers at build time - no interpreter overhead.


Quick Start

```sh
# Scan your project
qryon scan .

# Interactive TUI - browse findings with vim keys
qryon scan . --interactive

# CI/CD mode - SARIF output for GitHub Security tab
qryon scan . --output sarif -f results.sarif

# Watch mode - re-scan on file changes
qryon watch .

# AI-powered finding triage (triages static findings with AI)
export ANTHROPIC_API_KEY=sk-ant-...
qryon scan . --ai

# Use OpenAI instead
export OPENAI_API_KEY=sk-...
qryon scan . --ai --ai-provider openai

# Use local Ollama (free, no API key)
qryon scan . --ai --ai-provider local
```

More installation methods

Homebrew (macOS/Linux):

```sh
brew tap bumahkib7/tap && brew install qryon
```

Cargo (Rust):

```sh
cargo install qryon
```

Docker:

```sh
docker run -v $(pwd):/workspace ghcr.io/bumahkib7/qryon scan /workspace
```

Shell Script:

```sh
curl -fsSL https://raw.githubusercontent.com/bumahkib7/qryon/master/install.sh | bash
```

GitHub Actions:

```yaml
- uses: bumahkib7/[email protected]
  with:
    path: '.'
    upload-sarif: true
```

What It Finds

```text
critical[QRYON-S005]: SQL query built with format! - use parameterized queries
  --> src/database.rs:42:9
40 │     let user_input = get_input();
41 │
42 │     format!(
   │     ^^^^^^^^ SQL query built from untrusted input
43 │         "SELECT * FROM users WHERE name = '{}'",
44 │         user_input
   = note: rule: rust/sql-injection
```

Security Detection

  • Injection attacks - SQL, command, XSS, LDAP, template injection
  • Server-side vulnerabilities - SSRF, path traversal, deserialization
  • Hardcoded secrets - API keys, passwords, tokens
  • Cryptographic issues - Weak algorithms (MD5, SHA-1, DES), insecure modes
  • Dependency CVEs - Real-time OSV.dev integration for Cargo, npm, PyPI, Go, Maven

Supported Languages

| Language | Security Rules | Frameworks |
|---|---|---|
| Rust | unsafe, injection, crypto | Actix, Axum, Rocket |
| JavaScript/TypeScript | XSS, injection, secrets | Express, React, Next.js |
| Python | exec, injection, secrets | Django, Flask, FastAPI |
| Go | unsafe, SQL injection | Gin, Echo, GORM |
| Java | injection, crypto, deser | Spring, Jakarta |

Plus 23 more languages with parsing and metrics support.


Interactive TUI

Browse findings, call graphs, and taint flows with keyboard navigation:

```sh
qryon scan . --interactive
```

[Screenshot: Interactive TUI showing findings]

Keyboard shortcuts: `j`/`k` navigate, `Tab` switch tabs, `s` filter severity, `/` search, `q` quit


GitHub Actions

```yaml
name: Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write

    steps:
      - uses: actions/checkout@v4
      - uses: bumahkib7/[email protected]
        with:
          path: '.'
          upload-sarif: true
```

Findings appear in the GitHub Security tab automatically.


Qryon Dashboard - Team Features

Love the CLI? Qryon Dashboard adds powerful team features:

| Feature | CLI | Dashboard |
|---|---|---|
| Scan & detect | Yes | Yes |
| Historical trends | - | Yes |
| AI-powered explanations | - | Yes |
| Auto-fix suggestions | - | Yes |
| Team collaboration | - | Yes |
| Baseline diffs | - | Yes |
| PR integration | - | Yes |
| RBAC & audit logs | - | Yes |

Try Qryon Dashboard free →


Advanced Features

Cross-File Taint Tracking

Track data flows across file and function boundaries:

```sh
qryon flows . --evidence --group-by sink-type
```

  • Forward taint propagation
  • Path-sensitive analysis
  • Sanitizer recognition
  • Symbolic path conditions

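As an added illustration of the forward propagation and sanitizer recognition listed above (example code written for this page, not Qryon's implementation), a breadth-first taint walk over a small interprocedural flow graph. The files `http.rs` and `db.rs` and the functions in `sample_graph` are constructed for the example.

```rust
// Added example, not Qryon's code: forward taint propagation over a small
// constructed interprocedural flow graph, with sanitizer recognition.
use std::collections::{HashMap, HashSet, VecDeque};
/// (file, function); an edge between different files is a cross-file flow.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct Node(pub &'static str, pub &'static str);
pub struct FlowGraph {
    pub edges: HashMap<Node, Vec<Node>>, // a -> [b]: data leaving a reaches b
    pub sanitizers: HashSet<Node>,       // functions that neutralise taint
    pub sinks: HashSet<Node>,            // dangerous consumers of data
}
/// Breadth-first forward propagation from `source`: every simple path that
/// reaches a sink without passing through a sanitizer (the evidence trail).
pub fn taint_paths(g: &FlowGraph, source: Node) -> Vec<Vec<Node>> {
    let mut found = Vec::new();
    let mut queue = VecDeque::from([vec![source]]);
    while let Some(path) = queue.pop_front() {
        let last = path.last().unwrap().clone();
        if g.sinks.contains(&last) {
            found.push(path);
            continue;
        }
        for next in g.edges.get(&last).into_iter().flatten() {
            // A sanitizer kills the flow; a node already on the path is a cycle.
            if g.sanitizers.contains(next) || path.contains(next) {
                continue;
            }
            let mut extended = path.clone();
            extended.push(next.clone());
            queue.push_back(extended);
        }
    }
    found
}
/// Constructed graph: a login handler hands user input to two query builders;
/// only `bind_params` (parameterised query) neutralises it before `execute`.
pub fn sample_graph() -> FlowGraph {
    let (handler, raw) = (Node("http.rs", "handle_login"), Node("db.rs", "build_query"));
    let (bound, exec) = (Node("db.rs", "bind_params"), Node("db.rs", "execute"));
    FlowGraph {
        edges: HashMap::from([
            (handler, vec![raw.clone(), bound.clone()]),
            (raw, vec![exec.clone()]),
            (bound.clone(), vec![exec.clone()]),
        ]),
        sanitizers: HashSet::from([bound]),
        sinks: HashSet::from([exec]),
    }
}
```

Running `taint_paths(&sample_graph(), Node("http.rs", "handle_login"))` reports the one unsanitised trail `handle_login -> build_query -> execute` and drops the branch through `bind_params`.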
Dependency Vulnerability Scanning

Integrated with OSV.dev for real-time CVE detection:

```sh
qryon security .
```

Supports: Cargo, npm, PyPI, Go modules, Maven

HTTP API (Daemon Mode)

```sh
qryon daemon --port 9876
```

REST API + WebSocket for IDE integration.

IDE Integrations

  • VS Code - Real-time diagnostics
  • Neovim - Native plugin
  • JetBrains - IntelliJ, WebStorm, PyCharm

WASM Plugins

Extend with custom analysis rules:

```sh
qryon plugin install ./my-plugin.wasm
```

How It Works

Qryon compiles Semgrep community rules at build time into optimized native matchers:

```text
┌─────────────────────────────────────────────────────────┐
│                     BUILD TIME                          │
│  semgrep-rules/*.yaml  →  build.rs  →  compiled_rules  │
│                                           (embedded)    │
└─────────────────────────────────────────────────────────┘
                            ↓
┌─────────────────────────────────────────────────────────┐
│                      RUNTIME                            │
│  source.rs  →  tree-sitter  →  AST  →  pattern match    │
│                                               ↓         │
│                                           Findings      │
└─────────────────────────────────────────────────────────┘
```

Result: No interpreter overhead. No Semgrep dependency. Single binary.


Configuration

```sh
qryon init  # Creates qryon.toml
```

```toml
[scan]
include = ["src/**"]
exclude = ["node_modules/**", "target/**"]

[rules]
enable = ["*"]
disable = ["js/console-log"]

[profiles.strict]
max_function_lines = 50
max_complexity = 10
```

Inline suppression:

```js
// qryon-ignore-next-line js/xss-sink reason="content is sanitized"
element.textContent = processedContent;
```
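An added example, not Qryon's code: a toy text-level matcher that emits findings in the shape of the `rust/sql-injection` report under What It Finds and honours the `qryon-ignore-next-line <rule-id> reason="..."` comment shown above. It matches on lines rather than a tree-sitter AST, the SQL-verb heuristic is an assumption made for the example, and the source it is exercised on in the tests is constructed.

```rust
// Added example, not Qryon's code: a toy text matcher in the shape of the
// rust/sql-injection finding above, honouring `qryon-ignore-next-line`.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub rule: &'static str,
    pub line: usize, // 1-based, as in `src/database.rs:42:9`
    pub col: usize,  // 1-based column of `format!(`
}
const SQL_VERBS: [&str; 4] = ["SELECT", "INSERT", "UPDATE", "DELETE"];
/// Rule ids named by a `// qryon-ignore-next-line <ids> reason="..."` comment,
/// or None when the line is not such a comment.
pub fn parse_suppression(line: &str) -> Option<Vec<String>> {
    let body = line.trim().strip_prefix("//")?.trim();
    let ids = body.strip_prefix("qryon-ignore-next-line")?;
    let ids = ids.split("reason=").next().unwrap_or("");
    Some(ids.split_whitespace().map(String::from).collect())
}
/// Toy rule (an assumption for this example): `format!(` whose first string
/// literal, on this line or the next two as in the multi-line report above,
/// starts with a SQL verb and carries a `{}` placeholder for a runtime value.
fn sql_format_at(lines: &[&str], i: usize) -> Option<usize> {
    let col = lines[i].find("format!(")?;
    let window = lines[i..lines.len().min(i + 3)].join(" ");
    let lit = window.split('"').nth(1)?;
    let is_sql = SQL_VERBS.iter().any(|v| lit.trim_start().starts_with(*v));
    if is_sql && lit.contains("{}") { Some(col + 1) } else { None }
}
/// Scan source text; a match is dropped when the line before it suppresses
/// the rule id, mirroring the inline suppression described above.
pub fn scan(src: &str) -> Vec<Finding> {
    let lines: Vec<&str> = src.lines().collect();
    let rule = "rust/sql-injection";
    let mut out = Vec::new();
    for i in 0..lines.len() {
        let col = match sql_format_at(&lines, i) {
            Some(c) => c,
            None => continue,
        };
        let suppressed = i > 0
            && parse_suppression(lines[i - 1])
                .map_or(false, |ids| ids.iter().any(|id| id.as_str() == rule));
        if !suppressed {
            out.push(Finding { rule, line: i + 1, col });
        }
    }
    out
}
```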

Benchmarks

```sh
hyperfine 'qryon scan /path/to/repo' 'semgrep --config auto /path/to/repo'
```

On a 500K LOC monorepo:

  • Qryon: 23 seconds
  • Semgrep: 4 minutes 12 seconds

Contributing

Contributions welcome! See CONTRIBUTING.md.

```sh
make build    # Build all crates
make test     # Run tests
make lint     # Run lints
```

License

MIT or Apache-2.0, at your option.


Documentation · Dashboard · Issues

Made with Rust
