Documentation

Learn how to use Ordo to secure your AI-generated code

1. Quick Start

Installation

Run Ordo directly without installation:

npx ordo scan

Or install globally:

npm install -g ordo-cli
ordo scan

2. Core Concepts

What Ordo detects

  • SQL Injection - Unparameterized database queries that allow attackers to inject malicious SQL
  • Exposed API Keys - Hardcoded credentials in source code that leak in version control
  • Missing Rate Limiting - API endpoints without proper rate limiting protection
  • XSS Vulnerabilities - Unsanitized user input that can execute malicious scripts
  • Missing Authentication - API routes exposed without proper auth checks

How it works

Ordo uses pattern matching and static analysis to detect common security vulnerabilities in your codebase. It scans JavaScript, TypeScript, Python, and other common languages.

When a vulnerability is detected, Ordo suggests a fix that you can accept with a simple TAB key press, or dismiss if you want to handle it manually.
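As an added illustration of the pattern-matching approach described above (this is not Ordo's own code; the rules, message texts and the sample file are assumptions made for illustration), here is a small JavaScript scanner that flags two of the findings listed under "What Ordo detects", an unparameterized query and a hardcoded API key, while leaving the parameterized query alone:

```javascript
// Toy pattern-matching scanner in the spirit of Ordo's approach.
// Not Ordo's code: the rules and the finding format are assumptions.

const RULES = [
  {
    id: 'sql-injection',
    // String concatenation or template interpolation inside a query call
    pattern: /\.(query|execute)\s*\(\s*(`[^`]*\$\{|['"][^'"]*['"]\s*\+)/,
    message: 'Unparameterized database query; use placeholders and pass values separately',
  },
  {
    id: 'exposed-api-key',
    // A credential-looking name assigned a string literal
    pattern: /(api[_-]?key|secret|token|password)\s*[:=]\s*['"][^'"]{8,}['"]/i,
    message: 'Hardcoded credential; load it from the environment or a secrets manager',
  },
];

// Returns one finding per (line, rule) hit, with 1-based line numbers.
function scanSource(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    for (const rule of RULES) {
      if (rule.pattern.test(line)) {
        findings.push({ rule: rule.id, line: idx + 1, message: rule.message });
      }
    }
  });
  return findings;
}

// Constructed sample: an Express handler with a leaked key, an injectable
// query, and a safe parameterized query that must not be reported.
const SAMPLE = `
const API_KEY = "sk_live_0123456789abcdef"; // constructed placeholder value
app.get('/users', (req, res) => {
  db.query("SELECT * FROM users WHERE id = " + req.query.id, cb);
});
app.get('/safe', (req, res) => {
  db.query('SELECT * FROM users WHERE id = ?', [req.query.id], cb);
});
`;

console.log(scanSource(SAMPLE));
```

Running it reports the hardcoded key on line 2 and the concatenated query on line 4 of the sample, and nothing for the parameterized query on line 7.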

3. Commands

ordo scan (Main command)

Scans your current directory for security vulnerabilities

ordo scan

ordo watch (Real-time)

Continuously monitors your codebase for vulnerabilities as you code

ordo watch

ordo auth (Setup)

Authenticate with Ordo to unlock Pro features and save scan history

ordo auth

4. Usage Example

Typical workflow

1. Run a scan

cd your-project
ordo scan

2. Review findings

Ordo shows you each vulnerability with an explanation and suggested fix

3. Accept or skip fixes

Press TAB to accept a fix, or ESC to skip

4. Deploy with confidence

Your code is now more secure and ready for production

Frequently Asked Questions

Is Ordo free?

Ordo offers 5 free scans per month. Pro plans with unlimited scans and advanced features are available for teams and professionals.

What languages does Ordo support?

Currently JavaScript, TypeScript, Python, and common web frameworks like Next.js, React, Express, and FastAPI. More languages coming soon.

Does Ordo send my code anywhere?

No. Ordo runs entirely locally on your machine. Your code never leaves your computer. Only anonymized scan metadata is sent to track usage limits.

Can I use Ordo in CI/CD?

Yes! Ordo can be integrated into your CI/CD pipeline. Pro plans include API access for automated scanning in GitHub Actions, GitLab CI, and other CI systems.

Need help?

Have questions or found a bug? We're here to help.

Reach out on Twitter.