Open-source GitHub Action scans codebases for quantum-vulnerable cryptography in CI
A free, open-source GitHub Action called pq-readiness-scorecard lets developers automatically scan their repositories for cryptographic vulnerabilities on every push or pull request. The tool grades post-quantum readiness on an A–F scale, flags classically broken algorithms like MD5, RC4, and 3DES, and generates a CycloneDX 1.6 cryptographic bill of materials (CBOM). It can be configured to fail builds when vulnerable crypto is detected, helping teams enforce cryptographic hygiene before code merges. The tool is relevant amid growing regulatory pressure from frameworks such as CNSA 2.0, DORA, and NIS2, which now mandate cryptographic risk management. A browser-based scanner is also available for quick checks without any CI setup.
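To make the workflow concrete, the following is an added illustration (written for this page, not code from the pq-readiness-scorecard project) of the three steps the summary describes: pattern-matching algorithm names in source files, grading the result, and emitting a CycloneDX 1.6-shaped CBOM together with a pass/fail decision for CI. The policy table, the grading rubric, the `pq:status` property name and the sample repository contents are all constructed assumptions; the CycloneDX field names (`cryptographic-asset`, `cryptoProperties`, `algorithmProperties.primitive`, `evidence.occurrences`) are taken from memory of the 1.6 specification and should be validated against the published schema before relying on them.

```python
"""Minimal CI crypto-readiness scan: find weak or quantum-vulnerable algorithm
names in source text, grade the repository, emit a CycloneDX 1.6-style CBOM and
decide whether the build should fail. Constructed example, not the tool's code."""
import json
import re

# Constructed policy table (assumption, not the tool's own rules).
# "broken" = classically broken, "quantum-vulnerable" = public-key scheme
# breakable by a large quantum computer, "acceptable" = no known issue here.
ALGORITHM_POLICY = {
    "MD5":     ("broken", "hash"),
    "SHA-1":   ("broken", "hash"),
    "RC4":     ("broken", "stream-cipher"),
    "3DES":    ("broken", "block-cipher"),
    "RSA":     ("quantum-vulnerable", "pke"),
    "ECDSA":   ("quantum-vulnerable", "signature"),
    "ECDH":    ("quantum-vulnerable", "key-agree"),
    "AES":     ("acceptable", "block-cipher"),
    "SHA-256": ("acceptable", "hash"),
    "ML-KEM":  ("acceptable", "kem"),
}


def _token(alternation):
    # Treat "_" as a boundary too, so "rsa_private_key" still matches "rsa".
    return re.compile(r"(?<![a-z0-9])(?:" + alternation + r")(?![a-z0-9])", re.I)


# Common spellings seen in code and cipher-suite strings, mapped to canonical names.
PATTERNS = {
    "MD5":     _token(r"md5"),
    "SHA-1":   _token(r"sha-?1"),
    "RC4":     _token(r"rc4|arcfour"),
    "3DES":    _token(r"3des|des3|tripledes|des-ede3-cbc|des-cbc3"),
    "RSA":     _token(r"rsa"),
    "ECDSA":   _token(r"ecdsa"),
    "ECDH":    _token(r"ecdhe?"),
    "AES":     _token(r"aes(?:-?(?:128|192|256))?"),
    "SHA-256": _token(r"sha-?256"),
    "ML-KEM":  _token(r"ml-?kem|kyber"),
}


def scan_sources(files):
    """files: {path: text}. Returns one finding per (file, line, algorithm)."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in PATTERNS.items():
                if pattern.search(line):
                    status, primitive = ALGORITHM_POLICY[name]
                    findings.append({"algorithm": name, "status": status,
                                     "primitive": primitive, "file": path, "line": lineno})
    return findings


def grade(findings):
    """Constructed rubric: 100 points, -25 per distinct broken algorithm,
    -10 per distinct quantum-vulnerable one; A>=90, B>=80, C>=70, D>=60, else F."""
    broken = {f["algorithm"] for f in findings if f["status"] == "broken"}
    qv = {f["algorithm"] for f in findings if f["status"] == "quantum-vulnerable"}
    score = max(0, 100 - 25 * len(broken) - 10 * len(qv))
    for letter, floor in (("A", 90), ("B", 80), ("C", 70), ("D", 60)):
        if score >= floor:
            return letter, score
    return "F", score


def build_cbom(findings):
    """One cryptographic-asset component per algorithm, with the locations it was seen."""
    components = {}
    for f in findings:
        comp = components.setdefault(f["algorithm"], {
            "type": "cryptographic-asset",
            "name": f["algorithm"],
            "cryptoProperties": {"assetType": "algorithm",
                                 "algorithmProperties": {"primitive": f["primitive"]}},
            "properties": [{"name": "pq:status", "value": f["status"]}],  # custom name
            "evidence": {"occurrences": []},
        })
        comp["evidence"]["occurrences"].append({"location": f"{f['file']}:{f['line']}"})
    return {"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
            "components": list(components.values())}


def should_fail(letter, minimum="C"):
    """Fail the build when the grade is below the configured minimum."""
    order = "ABCDF"
    return order.index(letter) > order.index(minimum)


def run_scan(files, minimum="C"):
    findings = scan_sources(files)
    letter, score = grade(findings)
    return {"grade": letter, "score": score, "findings": findings,
            "cbom": build_cbom(findings), "fail": should_fail(letter, minimum)}


# Constructed sample repository: a legacy password hash, a TLS config with an
# old cipher suite, and a hybrid key-establishment module.
SAMPLE_REPO = {
    "auth/legacy_hash.py": "import hashlib\n\ndef digest(pw: bytes) -> str:\n"
                           "    return hashlib.md5(pw).hexdigest()\n",
    "tls/config.py": "CIPHERS = 'ECDHE-RSA-AES256-GCM-SHA384'\nLEGACY = 'DES-CBC3-SHA'\n",
    "kem/hybrid.py": "# hybrid X25519 + ML-KEM-768 key establishment\nSCHEME = 'ml-kem-768'\n",
}

if __name__ == "__main__":
    report = run_scan(SAMPLE_REPO)
    print(f"grade {report['grade']} ({report['score']}), fail build: {report['fail']}")
    print(json.dumps(report["cbom"], indent=2))
```

Running it on the constructed sample yields an F (MD5 and 3DES are both present, RSA and ECDH count as quantum-vulnerable), so the build would fail at the default minimum of C, while a repository using only SHA-256 grades A. The name-matching approach is deliberately crude: it reports what is written, not what executes, so a real scanner also needs to resolve library calls and parse TLS cipher-suite strings rather than rely on substrings.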
This is an AI-generated summary. ShortSingh links to the original source for the complete article.