QuantumScan

gitbutlerapp/gitbutler

Risk score: 25
50 findings · 200 files scanned

The repository shows 59 critical findings, all related to SHA-1 usage within Git operations via the gix library. However, all identified instances are in test files, API macros, and Git object handling code where SHA-1 is used for Git compatibility, not cryptographic security. The actual business risk is low as these are inherent to Git's design and not used for authentication, encryption, or security-critical operations.

Recent findings

| File | Algorithm | Severity | Business impact |
|---|---|---|---|
| crates/but-core/src/commit/mod.rs:45 | SHA-1 | critical | 40 |
| crates/but-core/tests/core/commit.rs:207 | SHA-1 | critical | 40 |
| crates/but-core/tests/core/diff/tree_changes.rs:24 | SHA-1 | critical | 40 |
| crates/but-core/tests/core/diff/tree_changes.rs:28 | SHA-1 | critical | 40 |
| crates/but-core/tests/core/diff/tree_changes.rs:38 | SHA-1 | critical | 40 |
| crates/but-core/tests/core/diff/tree_changes.rs:42 | SHA-1 | critical | 40 |
| crates/but-core/tests/core/diff/tree_changes.rs:54 | SHA-1 | critical | 40 |
| crates/but-core/tests/core/diff/tree_changes.rs:58 | SHA-1 | critical | 40 |
| crates/but-core/tests/core/diff/tree_changes.rs:70 | SHA-1 | critical | 40 |
| crates/but-core/tests/core/diff/tree_changes.rs:74 | SHA-1 | critical | 40 |

Exposure by language
Rust: 50 · 100%

Compliance mapping
DORA: OK
NIS2: OK
NIST PQC: Partial

Read-only share link: https://quantumscan.io/en/share/6777b7b5-cbe9-43f2-bd23-f47e25462ef7