Hardcoded cryptographic key (rule QS-hardcoded-key, severity: low)
Description
Hardcoded keys are a critical operational security risk: a key embedded in source is exposed to everyone with repository access, persists in version history, and cannot be rotated without a code change.
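The following is an added example, not QuantumScan's own code. It is a toy TypeScript scanner that shows what this rule flags, the hardened alternative (a key supplied at runtime instead of embedded), and how the two suppression mechanisms described under Suppressing False Positives below would apply. The detection regex, the rule id constant "hardcoded-key" (taken from the config example on this page), the glob matching, and the helper loadKeyFromEnv are all assumptions; the sample source and key literals are constructed placeholders.

```typescript
// Added example, not QuantumScan's own code. The detection heuristic, the rule
// id, the suppression semantics and loadKeyFromEnv are assumptions.

const RULE_ID = "hardcoded-key";
const SUPPRESS_MARKER = "quantumscan-ignore";

// Assumed heuristic: an identifier containing "key" or "secret" assigned a
// quoted literal of 16+ key-like characters (hex, base64 or similar).
const HARDCODED_KEY = /\b\w*(?:key|secret)\w*\s*[=:]\s*["'`][A-Za-z0-9+\/=_-]{16,}["'`]/i;

interface Finding {
  file: string;
  line: number;        // 1-based line number
  text: string;
  suppressed: boolean; // true when an ignore comment or config entry applies
}

// Convert a .quantumscan-ignore glob to a RegExp: "**" spans directories,
// "*" matches within a single path segment.
function globToRegExp(glob: string): RegExp {
  const pattern = glob
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*\*/g, "\0")
    .replace(/\*/g, "[^/]*")
    .replace(/\0/g, ".*");
  return new RegExp(`^${pattern}$`);
}

// Evaluate .quantumscan-ignore content for one rule and file. Entries are a
// bare rule id, "rule:glob", or a bare path glob; "#" lines are comments.
function isSuppressedByConfig(config: string, ruleId: string, file: string): boolean {
  for (const raw of config.split("\n")) {
    const entry = raw.trim();
    if (entry === "" || entry.startsWith("#")) continue;
    const sep = entry.indexOf(":");
    if (sep === -1) {
      if (entry === ruleId || globToRegExp(entry).test(file)) return true;
    } else {
      const rule = entry.slice(0, sep).trim();
      const glob = entry.slice(sep + 1).trim();
      if (rule === ruleId && globToRegExp(glob).test(file)) return true;
    }
  }
  return false;
}

// Scan one file's source. A finding is suppressed by a marker on the flagged
// line, by a comment line directly above it, or by a matching config entry.
function scan(file: string, source: string, config = ""): Finding[] {
  const lines = source.split("\n");
  const byConfig = isSuppressedByConfig(config, RULE_ID, file);
  const findings: Finding[] = [];
  lines.forEach((text, i) => {
    if (!HARDCODED_KEY.test(text)) return;
    const inline = text.includes(SUPPRESS_MARKER);
    const above = i > 0 && lines[i - 1].trim().startsWith("//") && lines[i - 1].includes(SUPPRESS_MARKER);
    findings.push({ file, line: i + 1, text: text.trim(), suppressed: inline || above || byConfig });
  });
  return findings;
}

// Hardened form (hypothetical helper): the key is injected at runtime from the
// environment or a secret manager, and its absence is a hard error.
function loadKeyFromEnv(name: string, env: Record<string, string | undefined>): string {
  const value = env[name];
  if (!value) throw new Error(`required secret ${name} is not set`);
  return value;
}

// Constructed sample input; the literals are placeholders, not real keys.
const SAMPLE_SOURCE = [
  'const apiKey = "FAKE_KEY_FOR_DEMO_0000000000";',                         // flagged
  "// quantumscan-ignore",
  'const testKey = "TESTKEYTESTKEYTESTKEY1234";',                            // suppressed by the line above
  'const secretKey = "ZmFrZXNlY3JldGtleTEyMzQ1Njc4"; // quantumscan-ignore', // suppressed inline
  'const signingKey = loadKeyFromEnv("SIGNING_KEY", env);',                  // hardened form, not flagged
].join("\n");

const SAMPLE_IGNORE_FILE = [
  "# Suppress this rule only in test files",
  "hardcoded-key:src/**/*.test.ts",
].join("\n");

for (const f of scan("src/app.ts", SAMPLE_SOURCE, SAMPLE_IGNORE_FILE)) {
  console.log(`${f.file}:${f.line} ${f.suppressed ? "suppressed" : "FINDING"}  ${f.text}`);
}
```

Against the constructed sample, the first line is reported as an open finding while the two marked lines are kept as suppressed findings rather than dropped, so a reviewer can still see what was silenced; scanning the same source under a path that matches the config glob (for example src/auth/token.test.ts) suppresses all three.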
Quantum Threat
Suppressing False Positives
Add a suppression comment on the flagged line, or the line above it:
// quantumscan-ignore
const algo = "RSA"; // quantumscan-ignore

Or create a .quantumscan-ignore file in your project root to suppress by rule ID or file path:
# Suppress this rule in all files
hardcoded-key
# Suppress this rule only in test files
hardcoded-key:src/**/*.test.ts
# Suppress all rules in legacy files
src/legacy/**

Regulatory & Standards References
NIST post-quantum standards:
ML-KEM (Kyber) — key encapsulation replacement for RSA/ECDH
ML-DSA (Dilithium) — signature replacement for ECDSA/RSA-sign
SLH-DSA (SPHINCS+) — hash-based signature fallback

CNSA 2.0 (NSA): Mandates ML-KEM-1024 + ML-DSA-87 for US national security systems. New systems: 2030. Legacy: 2033.

DORA: EU Digital Operational Resilience Act — ICT risk management must ensure cryptographic agility and algorithm rotation capabilities.

NIS Directive: EU Network and Information Security Directive — adequacy of encryption and cryptographic standards as a baseline security measure.
Run a full AI-powered scan on your repository
QuantumScan detects this and 100+ other quantum-vulnerable patterns, then generates per-finding migration code diffs.