Skip to content

QuantumScan

gitlab-org/gitlab-runner

gitlab-org/gitlab-runner
42
risk score
10 findings · 30 files scanned

GitLab Runner exhibits moderate post-quantum cryptography risks with 10 quantum-vulnerable findings across 5 files. The primary concerns involve RSA private key usage in GCS adapter tests and potential misidentification of AES256 symmetric encryption as ECDSA asymmetric patterns. While AES-256 remains quantum-resistant for symmetric encryption, RSA key management requires migration planning.

Recent findings
FileAlgorithmSeverity
cache/cacheconfig/cacheconfig_test.go:242ECDSAhigh
cache/cacheconfig/cacheconfig_test.go:248ECDSAhigh
cache/cacheconfig/cacheconfig_test.go:249ECDSAhigh
cache/cacheconfig/cacheconfig_test.go:250ECDSAhigh
cache/cacheconfig/cacheconfig.go:94ECDSAhigh
cache/cacheconfig/cacheconfig.go:63ECDSAhigh
cache/cacheconfig/cacheconfig.go:93ECDSAhigh
cache/gcs/adapter_test.go:25PKCS#1 (RSA-based)high
cache/gcsv2/adapter_test.go:17PKCS#1 (RSA-based)high
cache/s3/adapter_test.go:202ECDSAhigh
Exposure by language
Go10 · 100%
Compliance mapping
DORA
OK
NIS2
Partial
NIST PQC
Partial
Exports for compliance
Share read-only link

Anyone with this link can view the risk score and top findings — no sign-in required. Source code stays private.

https://quantumscan.io/en/share/490d235c-2b6f-439c-9b0c-5fad3aa5c60f
Add a badge to your README

Show your project's post-quantum readiness in the README. The badge updates automatically after every new scan.

Preview

Post-Quantum Readiness
Markdown
[![Post-Quantum Readiness](https://quantumscan.io/api/badge/gitlab-org/gitlab-runner.svg)](https://github.com/gitlab-org/gitlab-runner)
HTML
<a href="https://github.com/gitlab-org/gitlab-runner"><img src="https://quantumscan.io/api/badge/gitlab-org/gitlab-runner.svg" alt="Post-Quantum Readiness" /></a>

Add badge to your README

Show your quantum-safety score directly on GitHub.

QuantumScan badge preview
[![QuantumScan](https://quantumscan.io/api/badge/gitlab-org/gitlab-runner.svg)](https://quantumscan.io/en/scan/490d235c-2b6f-439c-9b0c-5fad3aa5c60f)

Save your results & track future changes

Create a free account to get drift alerts, compliance PDF exports, and scan history.

  • Weekly drift alerts when new vulnerabilities appear
  • Track risk score over time across all your repos
  • Export DORA / NIS2 compliance PDF for auditors

Free forever for design partners · No credit card