What goes into the CBOM
Unlike a single-source scanner, CRYPTAGION combines three discovery surfaces into one inventory:
- Code — Python (AST), plus JavaScript/TypeScript, Java, Go and C/C++ (static analysis).
- Certificates — X.509 in PEM, DER, CRT and CER.
- TLS endpoints — live handshake inspection (protocols, cipher suites).
Each cryptographic asset becomes a first-class CycloneDX cryptographic-asset component, with algorithm family, key size/curve, mode, and a machine-readable quantum-security level.
Validated, portable, vendor-neutral
The output is schema-validated CycloneDX 1.6 — not a bespoke format. It is portable across your tooling, it survives the vendor, and it is the same artefact auditors increasingly expect. See what a CBOM captures, with an example.
More than inventory
A raw CBOM is the starting point. CRYPTAGION also produces a per-asset quantum-risk score, a harvest-now-decrypt-later exposure analysis, a board-ready PDF, and a wave-based migration roadmap. See how that compares to open-source CBOM tooling.
Want a CBOM of your own codebase? We generate one in the call — no payment until you’ve seen it work.
Book a free discovery call →