QuantumScan
gitbutlerapp/gitbutler
The repository shows 59 critical findings, all related to SHA-1 usage within Git operations via the gix library. However, all identified instances are in test files, API macros, and Git object handling code where SHA-1 is used for Git compatibility, not cryptographic security. The actual business risk is low as these are inherent to Git's design and not used for authentication, encryption, or security-critical operations.
| File | Algorithm | Severity | |
|---|---|---|---|
| crates/but-core/src/commit/mod.rs:45 | SHA-1 | criticalBusiness impact 40 | |
| crates/but-core/tests/core/commit.rs:207 | SHA-1 | criticalBusiness impact 40 | |
| crates/but-core/tests/core/diff/tree_changes.rs:24 | SHA-1 | criticalBusiness impact 40 | |
| crates/but-core/tests/core/diff/tree_changes.rs:28 | SHA-1 | criticalBusiness impact 40 | |
| crates/but-core/tests/core/diff/tree_changes.rs:38 | SHA-1 | criticalBusiness impact 40 | |
| crates/but-core/tests/core/diff/tree_changes.rs:42 | SHA-1 | criticalBusiness impact 40 | |
| crates/but-core/tests/core/diff/tree_changes.rs:54 | SHA-1 | criticalBusiness impact 40 | |
| crates/but-core/tests/core/diff/tree_changes.rs:58 | SHA-1 | criticalBusiness impact 40 | |
| crates/but-core/tests/core/diff/tree_changes.rs:70 | SHA-1 | criticalBusiness impact 40 | |
| crates/but-core/tests/core/diff/tree_changes.rs:74 | SHA-1 | criticalBusiness impact 40 |
Anyone with this link can view the risk score and top findings — no sign-in required. Source code stays private.
https://quantumscan.io/en/share/6777b7b5-cbe9-43f2-bd23-f47e25462ef7Show your project's post-quantum readiness in the README. The badge updates automatically after every new scan.
[](https://github.com/gitbutlerapp/gitbutler)<a href="https://github.com/gitbutlerapp/gitbutler"><img src="https://quantumscan.io/api/badge/gitbutlerapp/gitbutler.svg" alt="Post-Quantum Readiness" /></a>Add badge to your README
Show your quantum-safety score directly on GitHub.
[](https://quantumscan.io/en/scan/6777b7b5-cbe9-43f2-bd23-f47e25462ef7)Save your results & track future changes
Create a free account to get drift alerts, compliance PDF exports, and scan history.
- Weekly drift alerts when new vulnerabilities appear
- Track risk score over time across all your repos
- Export DORA / NIS2 compliance PDF for auditors
Free forever for design partners · No credit card