Point it at a repo or a list of packages, it checks against known CVE databases, reports vulnerabilities, runs on a schedule. The security check that never gets done manually.
Every operation in Ordnance is available through a JSON REST API. No SDK required — use curl, fetch, or any HTTP client.
GET /api/releases — list all releases with optional search and filter query parametersPOST /api/releases — create a new release recordGET /api/releases/{id} — retrieve a single release by IDPUT /api/releases/{id} — update an existing releaseDELETE /api/releases/{id} — remove a releaseGET /api/stats — aggregated statistics with status breakdownGET /api/health — health check endpoint for monitoringPrivacy-conscious teams often build internal releases workflows in Notion or Google Sheets because the alternative is a $200/month SaaS contract. Ordnance gives you a purpose-built tool at a fraction of the cost, running on infrastructure you already control.
A devops team integrates Ordnance into their CI pipeline. A post-deploy hook creates a release record via the API. The stats endpoint feeds a Grafana panel. When something goes wrong, the team searches releases by keyword to find related records without switching tools.
Deploy Ordnance as a systemd service, a Docker container, or a bare process behind tmux. It reads two environment variables: PORT and DATA_DIR. Everything else is self-contained. The /api/health endpoint returns the service status and releases count, which you can wire into your existing monitoring stack.
GET /api/releases — List all releases. Supports ?q=keyword for search and ?status=value for filteringPOST /api/releases — Create a new release. Send JSON with at least nameGET /api/releases/{id} — Fetch one release by IDPUT /api/releases/{id} — Update fields on an existing releaseDELETE /api/releases/{id} — Remove a releaseGET /api/stats — Returns total count and breakdown by statusGET /api/health — Returns {"status":"ok"} for uptime monitoringSelf-hosted vulnerability scanner. Self-hosted on your infrastructure. Your data never leaves your server.
curl -fsSL https://stockyard.dev/install.sh | sh -s -- --tool ordnance
PORT=9720 ./ordnance
http://localhost:9720
Single binary. Embedded SQLite. No Docker. No database. No dependencies.
Your license key arrives by email within 5 minutes of checkout. Set it as an environment variable and restart the binary.
export ORDNANCE_LICENSE_KEY=stockyard_xxxxxxxxxxxxxxxxxxxx ./ordnance
No cloud connectivity required. The binary validates the key offline with Ed25519 signatures.