Open-source by design.
Enterprise by necessity.
QuantumScan was built to create a strong community against cyberattacks — for individuals and companies alike. Our mission is to strengthen digital security for everyone, without selling a US$200k consultancy.
Our mission
Building a strong community against cyberattacks, for individuals and companies alike. We scan GitHub, GitLab and Bitbucket repositories and ZIP uploads, identify vulnerable algorithms (RSA, ECDSA, DH, SHA-1, DES) and generate reports mapped to DORA, NIS2 and NIST PQC FIPS 203/204/205.
How we operate
Open-source, auditable
The scanner core is MIT licensed on GitHub. Any person or company can audit it, fork it or contribute. Transparency isn't marketing — it's architecture.
Privacy as a precondition
We scan, we don't store code. Only finding metadata stays in the database. Your repository never passes through a human-reviewed server.
Data first, revenue later
Phase 1 is 100% free. The goal is to build the largest dataset of cryptographic patterns — a competitive advantage large consultancies don't have.
No investor, no pressure
Built independently. No forced pivots. Roadmap driven by real design partners and the community.
Public stack
scanner-core
MIT detection engine. 37 critical patterns. C, C++, Python, Java, Go, Rust, .NET, JS/TS.
● MIT License
Multi-platform
GitHub · GitLab · Bitbucket · ZIP. Results in CBOM CycloneDX 1.7 + DORA/NIS2 PDF.
● Compliance-ready
Community-built
Open external contributions. PR bot on GitHub App Marketplace. Public issues on the repo.
● Open to PRs
Want to contribute?
scanner-core accepts PRs. New languages, new patterns, coverage improvements.