For CAC40 · DAX40 · IBEX35 · AEX25 security teams

Inventory your cryptography before quantum breaks it.

CRYPTAGION discovers every cryptographic asset in your codebase, certificates, and live TLS endpoints — then scores quantum-vulnerability risk, generates a CycloneDX 1.6 CBOM, and produces a board-ready PDF mapped to DORA, NIS2, and the EU Cyber Resilience Act.

Built in the EU · Deployable on-prem · Demo-able in 4 minutes

Why now

The post-quantum migration window is open.

Three independent forces have made cryptographic inventory a 2025 board topic.

01

NIST standards are final.

FIPS 203 (ML-KEM), FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) shipped in August 2024. The "we're waiting for standards" excuse expired.

02

EU regulation is live.

DORA, NIS2, and the EU Cyber Resilience Act all require documented cryptographic resilience — with audit trails your existing GRC tooling can ingest.

03

HNDL exposure is now.

Any data with a confidentiality requirement beyond seven years is already inside the harvest-now-decrypt-later window under the NIST 2032 CRQC consensus.

The platform

Discover. Score. Deliver.

One pipeline, three deliverables — generated in seconds against a real customer codebase.

Discover

Find every key, hash and cert.

Static analysis across five languages, plus X.509 cert stores and live TLS endpoints.

  • Python (AST), JavaScript / TypeScript, Java, Go, C / C++
  • X.509 PEM / DER / CRT / CER, with validity + signature hash
  • Live TLS handshake inventory via sslyze
  • Source code never leaves your perimeter

Score

Risk anyone can defend.

0–100 score per asset, with reasoning. Tunable per data sensitivity and HNDL window.

  • Anchored to NIST IR 8413, BSI TR-02102-1, CNSA 2.0
  • Lifecycle signals: expired certs, aged keys
  • Per-asset sensitivity policy via .cryptagion.yaml
  • YAML-tunable weights — no forking required

Deliver

What your CISO sends the board.

A board-ready PDF, a standards-compliant CBOM, and a 4-wave migration roadmap — generated automatically.

  • CycloneDX 1.6 Crypto-BOM (validated against the strict schema)
  • Executive PDF mapped to DORA, NIS2, EU CRA, FIPS 203/204/205
  • 4-wave migration plan with effort estimates
  • Claude-generated narrative, with deterministic offline fallback

Interactive demo

No slides. Real output. Run it yourself.

Below is a CRYPTAGION run against the public pyca/cryptography repository: 60 cryptographic assets discovered, scored, and reported.

[Demo output: bar chart of 60 cryptographic assets by algorithm family; donut chart of risk distribution (30 critical, 11 medium, 19 low); scatter plot of risk score against harvest-now-decrypt-later exposure]

Want to see this against your code? Book a 30-minute call →

Sample output

Real numbers from a real public codebase.

Below: an unedited CRYPTAGION run against pyca/cryptography on its main branch — the cryptographic library that ships in almost every Python application in production today.

[Figure: bar chart] 60 cryptographic assets across 7 algorithm families, with MD5 and SHA-1 highlighted.

[Figure: donut chart] Risk distribution across critical/high/medium/low under a "confidential / 10-year secrecy" baseline.

[Figure: scatter plot] Each finding plotted against its harvest-now-decrypt-later (HNDL) exposure window.

Pricing

Built for procurement.

Fixed-fee discovery, transparent platform pricing, optional migration advisory. Public so your CISO does not have to "talk to sales" to budget it.

Discovery
€45,000
Fixed-fee · 60 days
  • Full discovery across code + certs + TLS
  • CycloneDX 1.6 Crypto-BOM
  • Board-ready PDF executive report
  • 4-wave migration roadmap
  • Regulatory mapping (DORA, NIS2, CRA)

Migration advisory
Custom
Billed separately
  • Hands-on migration support
  • Cryptographic-agility design review
  • Delivered directly or through your security integrator
  • Reference architectures for ML-KEM, ML-DSA, SLH-DSA

Pilot programme: first 5 reference customers receive a discounted Discovery engagement in exchange for a public reference and a 30-minute case-study interview. 3 spots remain.

Book a 30-minute discovery call

I will run CRYPTAGION against your code in the call.

Bring a representative repository (public, anonymised, or under NDA). You walk out with a real preview of your cryptographic posture. No slides. No salesforce.

Or write directly: ali@cryptagion.io