v0.2.2 Stable

Native Security for Modern Engineering

Detect vulnerabilities in real time within VS Code. Centralize findings via API without ever uploading your full codebase. The hybrid architecture for high-velocity teams.

AVAILABLE NOW
VS Code, Cursor, Antigravity, VSCodium

Security in the Flow.

Our native extension transforms your IDE into a fortress. It's not a plugin; it's a co-pilot that scans your code locally and only uploads verified risks.

100% Offline Privacy
AI Fast Fix
Issue Automation
System of Record

The Shared Security Memory.

The dashboard and Web API turn local scans into a team system of record: projects, scans, findings, dependency vulnerabilities, shared suppressions, and KPIs in one multi-tenant system.

Audit Traceability

Project, scan, and suppression events remain traceable end to end.

Workspace Access

Google, Magic Link, and SSO flows tied to company-scoped roles.

Multi-Tenant Isolation

Projects, scans, and findings stay partitioned by company by design.

Bulk Ingest API

Create projects and scans or sync findings and dependency data from IDE or CI.

Ecosystem

Built Around the Stack You Already Use.

Today the real product surface is VS Code, the Oryon dashboard and API, GitHub and GitLab workflows, enterprise auth, and the cloud or IaC formats already living in your repo.

Workflow

How it Works

Oryon starts in the IDE, reduces noise conservatively, and only syncs to the dashboard what deserves team-level follow-up.

01 Scan locally

The extension analyzes files while you edit or save, and full repositories on demand. It respects `.gitignore`, selects rules by stack, and combines code with dependency analysis.

Live scan and workspace scan
OpenGrep plus dependency analysis
`.gitignore` awareness and severity filters

02 Cut the noise

Before anything is enriched or uploaded, Oryon applies shared suppressions, a heuristic prefilter, and a two-pass AI triage flow. If the system is unsure, the finding stays.

Shared suppressions per repository
Two-pass AI triage with strict consensus
Fail-safe keeps on error or uncertainty
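
The fail-safe consensus rule described in this step, as an added example (not Oryon's code): after shared suppressions are applied, a finding is dropped only when every triage pass independently calls it a false positive, and any error, uncertain verdict, or missing pass keeps it. The `Verdict` values, the `(rule_id, path)` suppression key, and the stub passes standing in for the AI calls are assumptions; the findings are constructed samples.

```python
from enum import Enum

class Verdict(Enum):
    TRUE_POSITIVE = "true_positive"
    FALSE_POSITIVE = "false_positive"
    UNSURE = "unsure"

def triage(finding, passes):
    """Return (keep, reason). Drop only when every pass says FALSE_POSITIVE."""
    if not passes:  # no pass configured must never mean "vacuous consensus"
        return True, "no triage pass configured"
    for name, run in passes:
        try:
            verdict = run(finding)
        except Exception as exc:  # model timeout, bad response, etc.
            return True, f"{name}: error ({type(exc).__name__})"
        if verdict is not Verdict.FALSE_POSITIVE:  # also covers None/malformed
            label = verdict.value if isinstance(verdict, Verdict) else "malformed"
            return True, f"{name}: {label}"
    return False, "consensus: false_positive"

def filter_findings(findings, suppressed, passes):
    """Apply shared suppressions first, then the fail-safe triage."""
    kept = []
    for f in findings:
        if (f["rule_id"], f["path"]) in suppressed:  # hypothetical suppression key
            continue
        keep, reason = triage(f, passes)
        if keep:
            kept.append({**f, "triage": reason})
    return kept

# Constructed stand-ins for the two AI passes (no model is called).
def first_pass(f):
    return Verdict.FALSE_POSITIVE if f["path"].startswith("tests/") else Verdict.TRUE_POSITIVE
def second_pass(f):
    if f["path"].endswith("test_auth.py"):
        raise TimeoutError("constructed model timeout")
    return Verdict.UNSURE if "conftest" in f["path"] else Verdict.FALSE_POSITIVE

PASSES = [("pass1", first_pass), ("pass2", second_pass)]
SUPPRESSED = {("weak-hash", "app/legacy.py")}  # constructed shared suppression
FINDINGS = [  # constructed sample findings
    {"rule_id": "hardcoded-secret", "path": "tests/fixtures/keys.py"},
    {"rule_id": "sql-injection", "path": "app/db.py"},
    {"rule_id": "hardcoded-secret", "path": "tests/test_auth.py"},
    {"rule_id": "weak-hash", "path": "app/legacy.py"},
    {"rule_id": "hardcoded-secret", "path": "tests/conftest.py"},
]
```

Only `tests/fixtures/keys.py` is removed by triage here; the timeout and the unsure verdict both leave their findings in the result with the reason recorded.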

03 Explain and prepare action

The findings that survive get enriched with local context, technical explanation, and remediation guidance. From results you can export, apply diff-based fixes, or open a GitHub or GitLab issue draft.

Ephemeral AI key and minimal context
Explanation, snippet, and remediation hints
Diff-based fixes and issue drafts

04 Sync to the dashboard

Once the repository is linked, the extension creates a scan, uploads findings and dependency vulnerabilities in bulk, and updates team visibility without turning the cloud into the scanning engine.

Repo-to-project linking via `repo_hash`
Chunked uploads with idempotency
KPIs, audit trail, and centralized follow-up