Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ ZENODOarrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Preprint . 2026
License: CC BY
Data sources: ZENODO
ZENODO
Preprint . 2026
License: CC BY
Data sources: Datacite
ZENODO
Preprint . 2026
License: CC BY
Data sources: Datacite
 View all 2 versions
Claim

Automated Cryptographic Bill of Materials Generation for Quantum Readiness Assessment: A Multi-Language Static Analysis Approach

descriptionPublicationkeyboard_double_arrow_right Preprint 22 Apr 2026Publisher:Zenodo
Authors: Jain, Gunjan;

doi: 10.5281/zenodo.19687320 , 10.5281/zenodo.19687318

Automated Cryptographic Bill of Materials Generation for Quantum Readiness Assessment: A Multi-Language Static Analysis Approach

Abstract

Quantum readiness requires organizations to inventory every cryptographic algorithm in their codebase -- a task that is infeasible to perform manually at scale. We present a multi-language cryptographic code scanner that performs static analysis across six programming languages (JavaScript/TypeScript, Python, Go, Java, Rust, C/C), identifies cryptographic API usage, classifies algorithms by quantum risk level, and generates a Cryptographic Bill of Materials (CBOM) in CycloneDX format. The scanner also detects embedded secrets (30+ patterns), analyzes binary files for cryptographic constants (AES S-box, SHA-256 initial values), and provides a CI/CD quality gate for enforcing post-quantum migration policies. We describe the pattern matching architecture, evaluate coverage across real-world codebases, and demonstrate integration with FTQC attack cost estimation for actionable quantum risk timelines.

Keywords

quantum readiness, static analysis, CBOM, post-quantum migration, CycloneDX, cryptographic bill of materials

  • BIP!
    Impact byBIP!
    selected citations
    These citations are derived from selected sources.
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 0
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Average
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Average
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Average
Powered by OpenAIRE graph
Found an issue? Give us feedback
selected citations
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
0
Average
Average
Average