CryptoScan is a free open source tool that scans source code for quantum-vulnerable cryptographic patterns like RSA, ECDSA, and ECDH. It supports multiple languages and outputs SARIF reports compatible with GitHub Security.

How do I check if my encryption is quantum safe?

Use QRAMM's free tools: CryptoScan analyzes source code for vulnerable cryptography, TLS Analyzer checks your server configurations, and CryptoDeps audits your project dependencies. Together they provide comprehensive quantum readiness assessment.

What is a Cryptographic Bill of Materials (CBOM)?

A CBOM is an inventory of all cryptographic assets in your software, including algorithms, key sizes, and libraries used. CryptoDeps generates CBOMs automatically by scanning your project dependencies.

Free Quantum Security Tools | CryptoScan, TLS Analyzer, CryptoDeps

CryptoScan

Available Now

Discover and inventory cryptographic assets in your codebase. CryptoScan scans source code, configurations, and dependencies to identify cryptographic implementations vulnerable to quantum attacks.

Key Features

Detects RSA, ECDSA, AES, MD5, SHA-1 and more
Classifies findings by quantum vulnerability level
SARIF output for GitHub Security integration
Generates CycloneDX Cryptographic BOM (CBOM)
CI/CD pipeline integration ready

View on GitHub Read Guide

TLS Analyzer

Available Now

Analyze TLS/SSL configurations across your infrastructure for quantum readiness. Evaluates cipher suites, protocols, and certificates against CNSA 2.0 compliance timelines.

Key Features

Scans TLS configurations and certificates
CNSA 2.0 compliance timeline assessment
Generates detailed HTML security reports
CycloneDX CBOM output for compliance
Bulk endpoint scanning capability

View on GitHub Read Guide

CryptoDeps

Available Now

Identify quantum-vulnerable cryptographic algorithms hiding in your software dependencies. Analyzes Go, npm, Python, and Maven packages for cryptographic usage and quantum risk exposure.

Key Features

Scans Go, npm, Python, and Maven dependencies
Quantum risk classification (VULNERABLE, PARTIAL, SAFE)
CycloneDX CBOM and SARIF output formats
Workspace & monorepo support (npm, pnpm, Go)
Direct GitHub repository scanning
CI/CD pipeline integration ready

View on GitHub Read Guide

CryptoServe

Available Now

Enterprise cryptography as a service. CryptoServe provides a unified API for encryption, signatures, and key management with built-in support for NIST post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA).

Key Features

275+ cryptographic API endpoints
NIST PQC: ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205)
FIPS 140-2/3 validated cryptography
Hybrid classical + post-quantum modes
Automated key rotation and audit logging
Cryptographic Bill of Materials (CBOM) generation

View on GitHub Documentation

Tool Comparison

Choose the right tool based on your assessment needs

Feature	CryptoScan	TLS Analyzer	CryptoDeps	CryptoServe
Primary Use	Source code and configuration scanning	Network endpoint and certificate analysis	Dependency and package scanning	Cryptography API service
Scan Target	Codebases, repositories, config files	TLS endpoints, SSL certificates	Go, npm, Python, Maven dependencies	Application integration (REST API)
Output Formats	SARIF, CycloneDX CBOM, JSON, CSV	HTML reports, CycloneDX CBOM, JSON	SARIF, CycloneDX CBOM, JSON	JSON API, CBOM, Audit logs
CI/CD Integration	GitHub Actions, GitLab CI, Jenkins	Any CI/CD pipeline	GitHub Actions, any CI/CD pipeline	REST API, Python SDK
Compliance Mapping	NIST PQC, CNSA 2.0	CNSA 2.0 timelines	NIST PQC, quantum risk levels	FIPS 140-2/3, NIST PQC (FIPS 203/204/205)

Open Source Tools

CryptoScan

Key Features

TLS Analyzer

Key Features

CryptoDeps

Key Features

CryptoServe

Key Features

Tool Comparison

Ready to Assess Your Quantum Readiness?