Skip to content
Free forever for design partners · DORA · NIS2 · NIST PQC

Is your code readyfor the quantum era?

Scan your GitHub repositories for cryptography vulnerable to quantum attacks. Your code is processed in memory — never stored, never logged. Use it free and help us perfect detection.

No credit card · 2-minute scan · GDPR-compliant

Star scanner-core on GitHub

Built for every ecosystem

From smart contracts to enterprise APIs

QuantumScan detects quantum-vulnerable cryptography across every type of project — from DeFi protocols to banking infrastructure.

New

Blockchain & Web3

Detects secp256k1, Ed25519 and smart contract signatures used by Ethereum, Bitcoin, Solana and DeFi protocols. Scans ethers.js, web3.js, Solidity .sol files and HD wallet libraries.

secp256k1Ed25519ecrecoverethers.jsSolidity

FinTech & Banking

Identifies RSA, ECDSA and weak TLS configurations inside payment systems, APIs and financial infrastructure. Maps findings to DORA and NIS2 requirements.

RSAECDSATLS 1.0/1.1PKCS#1DORA

Enterprise & Compliance

Export CBOM (CycloneDX 1.7) and DORA/NIS2 PDF reports. Know your quantum risk before regulators ask — deadline 2030.

CBOMNIS2NIST PQCPDF report

Open Source Libraries

Audit NPM packages, Python libraries and shared frameworks that millions of applications depend on. Already scanned Bitcoin, python-ecdsa and bc-java.

npmPyPIGitHubGitLabZIP upload

Privacy by architecture

Zero source code ever stored or logged

Privacy is not a promise — it's a right. It's an architecture you can audit. Four layers, all verifiable.

Memory-only processing — zero persistence

Your code is loaded into RAM, scanned for cryptographic patterns, and immediately purged. Zero bytes of source code reach our database or disk. Only findings — file path, line number, algorithm — are stored.

GitHub Actions mode (Enterprise — Phase 2)

Enterprise customers will run the scanner inside their own CI runner. Code never leaves their infrastructure — we receive only structured findings. Tracked on GitHub.

Open-source scanner core

Scanner core is MIT-licensed on GitHub with reproducible builds. Compile it yourself and verify the hash matches what we run.

Audit log per access

Every internal access generates an audit entry visible to you. You see who looked at your findings, when, and why — with cryptographic hashes.

Quantum readiness index · live

The numbers that matter

2030
Q-Day estimated by NIST

Cryptographically relevant quantum computers projected this decade.

€10M
DORA crypto fines

Maximum penalty for non-compliance under DORA Article 50.

87%
No crypto inventory

Of EU enterprises lack a cryptographic bill of materials.

The clock is ticking

Time Until Your Encryption Breaks

Quantum computers capable of breaking RSA-2048 are expected by 2030–2033. Regulatory deadlines are already set. Migration takes 2–5 years.

1275
days
:
17
hours
:
40
min
:
04
sec

Based on NIST FIPS 203/204/205 transition timeline and IBM Quantum roadmap estimates.

Scan your codebase now

How it works

Three steps from repo to audit

We scan, classify and certify. You ship the report.

01

Connect repository

Paste your repo URL or upload a ZIP. We process your code in memory on isolated infrastructure — zero bytes of source code stored or logged.

02

AI deep analysis

We detect RSA, ECC, weak hashes and outdated TLS across 15 languages including C# (.NET), Java, Go, Python and Rust. Every finding maps to ML-KEM, ML-DSA, or SLH-DSA.

03

Audit-ready report

CycloneDX 1.7 CBOM, executive PDF and DORA / NIS2 / ISO 27001 mapping — ready for your auditor.

Why now

Why this matters NOW

The quantum threat is not theoretical anymore. It is on the audit calendar.

Harvest now, decrypt later

Adversaries already capture encrypted traffic today, betting on quantum decryption before 2030. Long-lived secrets need PQC now.

Regulation tightens 2026–2030

DORA, NIS2 and BSI TR-02102 require cryptographic inventories and migration plans. Audits begin Q3 2026.

Migration takes 3–7 years

Refactoring TLS, KMS and signing pipelines is multi-year work. Inventory is the first deliverable — start before the audit.

Live demo preview

See it in action

acme/payments-api
68
risk score
14 findings · 372 files scanned
Recent findings
FileAlgorithmSeverity
auth/jwt.ts:47RSA-2048high
Security/CryptoService.cs:83RSACryptoServiceProviderhigh
crypto/legacy.py:89SHA-1critical
Auth/TokenSigner.cs:31CipherMode.ECBcritical
kms/sign.rs:64Ed25519medium
Exposure by language
TypeScript128 · 34%
C#97 · 26%
Go74 · 20%
Python49 · 13%
Rust26 · 7%

QuantumScan for Education

Teach students to build quantum-safe software

Free access for universities, coding bootcamps and online CS programs. Real PQC scanning — not simulations.

Classroom

Free

For courses up to 50 students

  • Unlimited public repo scans
  • GitHub Classroom auto-scan workflow
  • Risk score per student submission
  • Weekly CSV export for grading
Department

Free

For departments up to 500 students

  • Everything in Classroom
  • Private repo scanning
  • Aggregated department dashboard
  • Verified EDU badge for institution website
Research

Free

For OSS security research labs

  • Everything in Department
  • API access for automated scanning
  • Custom pattern contributions to scanner-core
  • Co-author credit in research publications

GitHub Classroom Integration

Auto-scan every student repo on push

Add one YAML file to your GitHub Classroom template. QuantumScan runs on every student push and posts the risk score as a PR check — no setup per student, no manual grading.

15+Languages scanned
50+Crypto patterns
FreeForever for EDU
MITOpen source

Institution badge

PQC-Ready Curriculum · QuantumScan

Institutions that adopt QuantumScan in their security curriculum receive a verified digital badge to display on their website and course catalog.

Design partners program

Quantum defense against cyberattacks: you protect, we learn, everyone gets stronger

We are in Phase 1: building the LATAM crypto-inventory dataset, not chasing MRR. You scan free. We learn from anonymized patterns. Everyone wins.

Strengthen the community against cyberattacks
  • Unlimited repositories — public or private
  • Weekly scans + drift alerts
  • Audit-ready PDF + CycloneDX 1.7 CBOM
  • DORA / NIS2 / NIST PQC / ISO 27001 mapping
  • Direct access to founder for feedback
  • Locked-in free price for 12 months minimum
Claim your spot

You scan. We publish anonymized aggregates. Zero bytes of source code stored.