Show HN: Grade your code's post-quantum crypto exposure A–F, free, in-browser
10 hours ago
- #DevOps
- #Cybersecurity
- #Post-Quantum Cryptography
- A Cryptographic Bill of Materials (CBOM) is crucial for identifying quantum-vulnerable cryptography in your stack as part of PQC migration.
- An open-source scanner provides a full scan in CI/CD workflows, generating a CycloneDX 1.6 CBOM, SARIF report, and an A–F grade badge without uploading data.
- The scan can be run locally via npm or integrated into GitHub Actions, with options to fail builds on broken classical cryptography.
- For audit readiness, an Evidence Pack Express offers a cryptographically signed deliverable including an executive summary, findings, CBOM, and migration plan.
- Note: The scanner is lexical, so its findings are leads to verify, not a complete inventory, and it does not guarantee quantum safety or certification.
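
The lexical caveat in the note above, shown as an added example that is not the scanner's own code: a toy keyword scan in JavaScript over constructed sample lines, where a mention in a comment is reported as a finding and two real uses are missed. The rule lists, category names and the `scan` function are assumptions made for illustration.

```javascript
// Added example: a toy lexical scan, NOT the scanner described on this page.
// Rule patterns and category names are assumptions for illustration.
const RULES = [
  // Public-key algorithms broken by Shor's algorithm.
  { category: "quantum-vulnerable", re: /\b(RSA|ECDSA|ECDH|DSA|Diffie-?Hellman)\b/i },
  // Primitives already weak against classical attackers.
  { category: "broken-classical", re: /\b(MD5|SHA-?1|3?DES|RC4)\b/i },
];

// Match each line of text against each rule; no parsing, no data flow.
function scan(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const { category, re } of RULES) {
      const m = re.exec(text);
      if (m) findings.push({ line: i + 1, category, match: m[0] });
    }
  });
  return findings;
}

// Constructed sample input (not taken from any real project).
const SAMPLE = [
  // Line 1: only a comment, yet a keyword match reports it (false positive).
  '// TODO: we removed RSA last year, see ticket',
  // Line 2: a genuine SHA-1 use, correctly reported.
  'const h = crypto.createHash("sha1");',
  // Line 3: algorithm name assembled at runtime, invisible to keywords.
  'const alg = ["R", "S", "A"].join("") + "-OAEP";',
  // Line 4: elliptic-curve key generation with no listed keyword, missed.
  'crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });',
].join("\n");

// Lines that produced no finding and therefore still need manual review.
function unflagged(source) {
  const hit = new Set(scan(source).map((f) => f.line));
  return source.split("\n").map((_, i) => i + 1).filter((n) => !hit.has(n));
}

console.log(scan(SAMPLE));
console.log("not flagged:", unflagged(SAMPLE));
```

Lines 3 and 4 of the sample both involve quantum-vulnerable public-key cryptography and neither is flagged, which is why a lexical result is a starting list rather than an inventory.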