Skip to content

QuantumScan

docling-project/docling

docling-project/docling
42
risk score
1 findings · 200 files scanned

The repository contains one critical finding related to the use of a curl command that explicitly allows TLS 1.2 but is part of a shell script download pattern that could be manipulated. While the command itself enforces TLS 1.2 (not 1.0/1.1), the use of 'curl | sh' for installing external dependencies presents a supply chain risk. This is a LaTeX backend engine component with moderate business impact if compromised.

Recent findings
FileAlgorithmSeverity
docling/backend/latex/engines/tectonic.py:86TLS 1.0 / 1.1criticalBusiness impact 45
Exposure by language
Python1 · 100%
Compliance mapping
DORA
Partial
NIS2
OK
NIST PQC
Partial
Exports for compliance
Share read-only link

Anyone with this link can view the risk score and top findings — no sign-in required. Source code stays private.

https://quantumscan.io/en/share/08229c4f-34e6-4c48-902f-6349e6b5f83f
Add a badge to your README

Show your project's post-quantum readiness in the README. The badge updates automatically after every new scan.

Preview

Post-Quantum Readiness
Markdown
[![Post-Quantum Readiness](https://quantumscan.io/api/badge/docling-project/docling.svg)](https://github.com/docling-project/docling)
HTML
<a href="https://github.com/docling-project/docling"><img src="https://quantumscan.io/api/badge/docling-project/docling.svg" alt="Post-Quantum Readiness" /></a>

Add badge to your README

Show your quantum-safety score directly on GitHub.

QuantumScan badge preview
[![QuantumScan](https://quantumscan.io/api/badge/docling-project/docling.svg)](https://quantumscan.io/en/scan/08229c4f-34e6-4c48-902f-6349e6b5f83f)

Save your results & track future changes

Create a free account to get drift alerts, compliance PDF exports, and scan history.

  • Weekly drift alerts when new vulnerabilities appear
  • Track risk score over time across all your repos
  • Export DORA / NIS2 compliance PDF for auditors

Free forever for design partners · No credit card