gitlab-org/gitlab-runner

Scanned on May 22, 2026

Risk score/ 100

Moderate risk

Summary

GitLab Runner exhibits moderate post-quantum cryptography risks with 10 quantum-vulnerable findings across 5 files. The primary concerns involve RSA private key usage in GCS adapter tests and potential misidentification of AES256 symmetric encryption as ECDSA asymmetric patterns. While AES-256 remains quantum-resistant for symmetric encryption, RSA key management requires migration planning.

Critical

High

Medium

Low

Top findings

HighECDSA
cache/cacheconfig/cacheconfig.go:94
ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)
HighECDSA
cache/cacheconfig/cacheconfig_test.go:242
ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)
HighECDSA
cache/cacheconfig/cacheconfig_test.go:248
ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)
HighECDSA
cache/cacheconfig/cacheconfig_test.go:249
ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)
HighECDSA
cache/cacheconfig/cacheconfig_test.go:250
ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)

+ 5 more findings in the full report

Scan your own repository

Free. Results in ~90 seconds. CBOM + DORA/NIS2 PDF included.

Start a free scan