{ "components": [ { "bom-ref": "crypto/0320574f-23e1-48bd-9a5c-b2dc367e92ee", "cryptoProperties": { "algorithmProperties": { "primitive": "block-cipher" }, "assetType": "algorithm" }, "description": "AES cipher (transitional \u2014 AES-256 quantum-safe under Grover) discovered in encrypt.go:11", "name": "AES", "type": "cryptographic-asset" }, { "bom-ref": "crypto/2ee12dcd-a315-4019-a759-8060f2fe1bd8", "cryptoProperties": { "algorithmProperties": { "primitive": "block-cipher" }, "assetType": "algorithm" }, "description": "AES usage discovered in encryption.py:9", "name": "AES", "type": "cryptographic-asset" }, { "bom-ref": "crypto/9be7212c-1679-412b-a85d-37f775475227", "cryptoProperties": { "algorithmProperties": { "mode": "gcm", "parameterSetIdentifier": "256", "primitive": "block-cipher" }, "assetType": "algorithm" }, "description": "OpenSSL AES cipher (transitional \u2014 AES-256 quantum-safe under Grover) (256-bit)/GCM discovered in aes_gcm.c:8", "name": "AES-256-GCM", "type": "cryptographic-asset" }, { "bom-ref": "crypto/aca0fa45-2752-4f50-9bbf-ea70c059c853", "cryptoProperties": { "algorithmProperties": { "mode": "gcm", "parameterSetIdentifier": "256", "primitive": "block-cipher" }, "assetType": "algorithm" }, "description": "AES cipher (transitional \u2014 AES-256 quantum-safe under Grover) (256-bit)/GCM discovered in encrypt.js:6", "name": "AES-256-GCM", "type": "cryptographic-asset" }, { "bom-ref": "crypto/1f3e8c52-2c7f-42a4-a988-4a63c5aee700", "cryptoProperties": { "algorithmProperties": { "mode": "gcm", "primitive": "block-cipher" }, "assetType": "algorithm" }, "description": "AES mode: GCM discovered in encryption.py:9", "name": "AES-GCM", "type": "cryptographic-asset" }, { "bom-ref": "crypto/2bdc8c91-851a-46f8-9631-b58f502f134e", "cryptoProperties": { "algorithmProperties": { "mode": "gcm", "primitive": "block-cipher" }, "assetType": "algorithm" }, "description": "AES cipher (transitional \u2014 AES-256 quantum-safe under Grover)/GCM discovered in CardEncryptor.java:14", "name": "AES-GCM", "type": "cryptographic-asset" }, { "bom-ref": "crypto/35f68b01-b072-4057-bae8-dbb0037457c0", "cryptoProperties": { "algorithmProperties": { "mode": "gcm", "primitive": "block-cipher" }, "assetType": "algorithm" }, "description": "AES-GCM mode/GCM discovered in encrypt.go:15", "name": "AES-GCM", "type": "cryptographic-asset" }, { "bom-ref": "crypto/004e95c2-c143-4853-a48e-018c85be4c1d", "cryptoProperties": { "algorithmProperties": { "primitive": "signature" }, "assetType": "algorithm" }, "description": "SECP256R1 usage discovered in server.py:7", "name": "ECDSA", "type": "cryptographic-asset" }, { "bom-ref": "crypto/0ad91ef0-b16b-46a1-baa7-f8929e4794b8", "cryptoProperties": { "algorithmProperties": { "primitive": "signature" }, "assetType": "algorithm" }, "description": "SECP384R1 usage discovered in server.py:12", "name": "ECDSA", "type": "cryptographic-asset" }, { "bom-ref": "crypto/52ebd0b7-7443-46ee-8176-41fb8cd1b602", "cryptoProperties": { "algorithmProperties": { "curve": "SECP256R1", "parameterSetIdentifier": "256", "primitive": "signature" }, "assetType": "certificate", "certificateProperties": { "certificateFormat": "X.509", "issuerName": "client-paris-01", "notValidAfter": "2027-05-23T22:21:48+02:00", "notValidBefore": "2026-04-23T22:21:48+02:00", "subjectName": "client-paris-01" } }, "description": "X.509 cert: client-paris-01 (ecdsa-256) discovered in mtls_client.crt:?", "name": "ECDSA-256", "type": "cryptographic-asset" }, { "bom-ref": "crypto/f8d35d3e-c171-48e8-9c5c-a1307b52e974", "cryptoProperties": { "algorithmProperties": { "curve": "SECP384R1", "parameterSetIdentifier": "384", "primitive": "signature" }, "assetType": "certificate", "certificateProperties": { "certificateFormat": "X.509", "issuerName": "vault.acme.internal", "notValidAfter": "2027-05-23T22:21:48+02:00", "notValidBefore": "2026-04-23T22:21:48+02:00", "subjectName": "vault.acme.internal" } }, "description": "X.509 cert: vault.acme.internal (ecdsa-384) discovered in backend_high_assurance.pem:?", "name": "ECDSA-384", "type": "cryptographic-asset" }, { "bom-ref": "crypto/5cf04259-2a53-4c0d-a35d-fe9b757d02a0", "cryptoProperties": { "algorithmProperties": { "curve": "P-256", "primitive": "signature" }, "assetType": "algorithm" }, "description": "ECDSA key pair generation (quantum-vulnerable)/P-256 discovered in server.js:5", "name": "ECDSA-P-256", "type": "cryptographic-asset" }, { "bom-ref": "crypto/ec4b71e8-fd7e-434a-9168-9399af66625e", "cryptoProperties": { "algorithmProperties": { "curve": "P-384", "primitive": "signature" }, "assetType": "algorithm" }, "description": "ECDSA key pair generation (quantum-vulnerable)/P-384 discovered in server.js:9", "name": "ECDSA-P-384", "type": "cryptographic-asset" }, { "bom-ref": "crypto/3134b7e5-a1ec-4d7c-bb7d-09f56fc2273c", "cryptoProperties": { "algorithmProperties": { "curve": "P256", "primitive": "signature" }, "assetType": "algorithm" }, "description": "ecdsa.GenerateKey (quantum-vulnerable)/P256 discovered in server.go:11", "name": "ECDSA-P256", "type": "cryptographic-asset" }, { "bom-ref": "crypto/2f5528c7-a82b-4720-b8a8-6baee7465453", "cryptoProperties": { "algorithmProperties": { "curve": "P384", "primitive": "signature" }, "assetType": "algorithm" }, "description": "ecdsa.GenerateKey (quantum-vulnerable)/P384 discovered in server.go:15", "name": "ECDSA-P384", "type": "cryptographic-asset" }, { "bom-ref": "crypto/557dfd5d-2046-41d9-a45c-2342e9812ab4", "cryptoProperties": { "algorithmProperties": { "curve": "SECP256R1", "primitive": "signature" }, "assetType": "algorithm" }, "description": "ECDSA key generation discovered in server.py:7", "name": "ECDSA-SECP256R1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/d967eb4c-780b-4e9d-80ed-1260a312d870", "cryptoProperties": { "algorithmProperties": { "curve": "SECP256R1", "primitive": "signature" }, "assetType": "algorithm" }, "description": "EC key pair generation (quantum-vulnerable)/SECP256R1 discovered in ServerKeys.java:11", "name": "ECDSA-SECP256R1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/9f33a83a-ce82-408c-a126-90873d6fb62e", "cryptoProperties": { "algorithmProperties": { "curve": "SECP384R1", "primitive": "signature" }, "assetType": "algorithm" }, "description": "ECDSA key generation discovered in server.py:12", "name": "ECDSA-SECP384R1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/cd7cb9fc-4ee3-4d15-8e0d-1f7ba6045f8b", "cryptoProperties": { "algorithmProperties": { "curve": "SECP384R1", "primitive": "signature" }, "assetType": "algorithm" }, "description": "EC key pair generation (quantum-vulnerable)/SECP384R1 discovered in ServerKeys.java:17", "name": "ECDSA-SECP384R1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/2591f8c9-3115-4e10-a362-af06806b14e7", "cryptoProperties": { "algorithmProperties": { "primitive": "signature" }, "assetType": "algorithm" }, "description": "libsodium signature (Ed25519 \u2014 quantum-vulnerable) discovered in libsodium_sign.c:9", "name": "Ed25519", "type": "cryptographic-asset" }, { "bom-ref": "crypto/f7e7e914-99bd-41af-919c-0d6ce9c99e5c", "cryptoProperties": { "algorithmProperties": { "primitive": "signature" }, "assetType": "algorithm" }, "description": "libsodium signature (Ed25519 \u2014 quantum-vulnerable) discovered in libsodium_sign.c:7", "name": "Ed25519", "type": "cryptographic-asset" }, { "bom-ref": "crypto/d7f450e6-3e95-4c6e-b033-ac189cee0df9", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "256", "primitive": "signature" }, "assetType": "certificate", "certificateProperties": { "certificateFormat": "X.509", "issuerName": "auth.acme.eu", "notValidAfter": "2027-05-23T22:21:48+02:00", "notValidBefore": "2026-04-23T22:21:48+02:00", "subjectName": "auth.acme.eu" } }, "description": "X.509 cert: auth.acme.eu (ed25519-256) discovered in modern_service.pem:?", "name": "Ed25519-256", "type": "cryptographic-asset" }, { "bom-ref": "crypto/322dae89-5a9d-49fe-bd12-51a1c33638df", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "MD5 hash usage (broken since 2004) discovered in hash.js:9", "name": "MD5", "type": "cryptographic-asset" }, { "bom-ref": "crypto/39cfaad0-96e2-4f10-9913-2a471c54f234", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "OpenSSL MD5 usage (broken since 2004) discovered in legacy_hash.c:13", "name": "MD5", "type": "cryptographic-asset" }, { "bom-ref": "crypto/64b094b1-eba9-4eeb-b20c-0e25072e75c1", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "md5.New() (broken since 2004) discovered in hash.go:14", "name": "MD5", "type": "cryptographic-asset" }, { "bom-ref": "crypto/688eaf6c-115c-474d-bdb1-e053b015d6d0", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "MessageDigest MD5 usage (broken since 2004) discovered in LegacyHasher.java:14", "name": "MD5", "type": "cryptographic-asset" }, { "bom-ref": "crypto/813e9f19-24b4-4ab5-9c11-9547e560b9e6", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "md5 usage discovered in sha1_hasher.py:13", "name": "MD5", "type": "cryptographic-asset" }, { "bom-ref": "crypto/df8910cb-8717-40d0-8bd5-6eb771a2a1d8", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "OpenSSL MD5 usage (broken since 2004) discovered in legacy_hash.c:19", "name": "MD5", "type": "cryptographic-asset" }, { "bom-ref": "crypto/11653a40-8a8a-4a36-9d54-6ddeb02fdbe3", "cryptoProperties": { "algorithmProperties": { "primitive": "pke" }, "assetType": "algorithm" }, "description": "rsa.EncryptOAEP (quantum-vulnerable) discovered in keymanager.go:25", "name": "RSA", "type": "cryptographic-asset" }, { "bom-ref": "crypto/6855c3e1-9f50-456b-8afb-05e7250915a8", "cryptoProperties": { "algorithmProperties": { "primitive": "pke" }, "assetType": "algorithm" }, "description": "rsa.SignPKCS1v15 (quantum-vulnerable, padding-oracle risk) discovered in jwt.go:17", "name": "RSA", "type": "cryptographic-asset" }, { "bom-ref": "crypto/69929994-4df9-4cc6-bdd6-c646452c7092", "cryptoProperties": { "algorithmProperties": { "primitive": "pke" }, "assetType": "algorithm" }, "description": "Import of rsa from cryptography.hazmat.primitives.asymmetric discovered in jwt.py:2", "name": "RSA", "type": "cryptographic-asset" }, { "bom-ref": "crypto/8cf40149-e171-4f81-94fa-f29cfd413c28", "cryptoProperties": { "algorithmProperties": { "primitive": "pke" }, "assetType": "algorithm" }, "description": "jsonwebtoken signing (quantum-vulnerable depending on algorithm) discovered in jwt.js:15", "name": "RSA", "type": "cryptographic-asset" }, { "bom-ref": "crypto/9b81ba04-7fca-467d-85d3-dcce5e8fe6ac", "cryptoProperties": { "algorithmProperties": { "primitive": "pke" }, "assetType": "algorithm" }, "description": "Import of rsa from cryptography.hazmat.primitives.asymmetric discovered in key_manager.py:2", "name": "RSA", "type": "cryptographic-asset" }, { "bom-ref": "crypto/c91ee341-1927-4430-868d-a5835e1eeeab", "cryptoProperties": { "algorithmProperties": { "primitive": "pke" }, "assetType": "algorithm" }, "description": "JWT RSA/RSASSA-PSS algorithm usage (quantum-vulnerable) discovered in jwt.js:15", "name": "RSA", "type": "cryptographic-asset" }, { "bom-ref": "crypto/343abf1e-d49c-471a-bf4e-bcbf0424aa55", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "1024", "primitive": "pke" }, "assetType": "certificate", "certificateProperties": { "certificateFormat": "X.509", "issuerName": "iot-pump-12.field.acme", "notValidAfter": "2027-05-23T22:21:48+02:00", "notValidBefore": "2026-04-23T22:21:48+02:00", "subjectName": "iot-pump-12.field.acme" } }, "description": "X.509 cert: iot-pump-12.field.acme (rsa-1024) discovered in iot_device_old.pem:?", "name": "RSA-1024", "type": "cryptographic-asset" }, { "bom-ref": "crypto/2c588df8-61ae-4bde-853c-91f0cdf6d2db", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "certificate", "certificateProperties": { "certificateFormat": "X.509", "issuerName": "api.acme.eu", "notValidAfter": "2027-05-23T22:21:48+02:00", "notValidBefore": "2026-04-23T22:21:48+02:00", "subjectName": "api.acme.eu" } }, "description": "X.509 cert: api.acme.eu (rsa-2048) discovered in api_gateway.pem:?", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/85f152e1-3cef-4533-b161-76533e2b2eed", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "algorithm" }, "description": "RSA key pair generation (quantum-vulnerable) (2048-bit) discovered in JwtSigner.java:12", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/8f5c420b-6b18-4f63-90c2-7a689dd8aaf6", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "algorithm" }, "description": "RSA key generation (2048-bit) discovered in jwt.py:10", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/ac916cec-6294-4321-85a9-77b5bcad2f7c", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "algorithm" }, "description": "OpenSSL EVP RSA key generation (quantum-vulnerable) (2048-bit) discovered in jwt_signer.c:8", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/c5c11265-ee3b-4503-a0d7-c030ce061fb3", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "certificate", "certificateProperties": { "certificateFormat": "X.509", "issuerName": "extranet.acme.legacy.local", "notValidAfter": "2025-11-25T07:24:20+01:00", "notValidBefore": "2024-05-24T07:24:20+02:00", "subjectName": "extranet.acme.legacy.local" } }, "description": "X.509 cert: extranet.acme.legacy.local (rsa-2048) [EXPIRED] discovered in expired_extranet.pem:?", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/cba32e6b-bb38-474c-9dec-e1b8358e4e1d", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "algorithm" }, "description": "OpenSSL EVP RSA key generation (quantum-vulnerable) (2048-bit) discovered in jwt_signer.c:7", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/ebf17088-3876-4a63-b157-8ad793194224", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "algorithm" }, "description": "rsa.GenerateKey (quantum-vulnerable) (2048-bit) discovered in jwt.go:12", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/f3484d59-8c20-40b1-be8f-46ff459813c0", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "certificate", "certificateProperties": { "certificateFormat": "X.509", "issuerName": "internal-ca.acme.eu", "notValidAfter": "2027-05-24T07:24:20+02:00", "notValidBefore": "2020-05-25T07:24:20+02:00", "subjectName": "internal-ca.acme.eu" } }, "description": "X.509 cert: internal-ca.acme.eu (rsa-2048) discovered in aged_internal_ca.pem:?", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/f35db7cb-64b7-4136-a8fe-2e65580d649d", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "algorithm" }, "description": "RSA key pair generation (quantum-vulnerable) (2048-bit) discovered in jwt.js:7", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/fd320cf6-d2f6-4def-a505-27543637ede0", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "2048", "primitive": "pke" }, "assetType": "certificate", "certificateProperties": { "certificateFormat": "X.509", "issuerName": "intranet.legacy.acme.local", "notValidAfter": "2027-05-23T22:21:34+02:00", "notValidBefore": "2026-05-23T22:21:34+02:00", "subjectName": "intranet.legacy.acme.local" } }, "description": "X.509 cert: intranet.legacy.acme.local (rsa-2048) discovered in legacy_intranet.crt:?", "name": "RSA-2048", "type": "cryptographic-asset" }, { "bom-ref": "crypto/2031756b-a331-4ec1-b302-2059bc97e3ba", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "4096", "primitive": "pke" }, "assetType": "algorithm" }, "description": "rsa.GenerateKey (quantum-vulnerable) (4096-bit) discovered in keymanager.go:17", "name": "RSA-4096", "type": "cryptographic-asset" }, { "bom-ref": "crypto/407dd4fe-08ac-4e2e-b904-03cebae7646b", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "4096", "primitive": "pke" }, "assetType": "algorithm" }, "description": "RSA key pair generation (quantum-vulnerable) (4096-bit) discovered in VaultKeyManager.java:15", "name": "RSA-4096", "type": "cryptographic-asset" }, { "bom-ref": "crypto/421b0f3a-032d-4fab-939a-6beea32794ed", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "4096", "primitive": "pke" }, "assetType": "algorithm" }, "description": "RSA key generation (4096-bit) discovered in key_manager.py:9", "name": "RSA-4096", "type": "cryptographic-asset" }, { "bom-ref": "crypto/a8c4e72a-26a6-4b84-9fc3-747284cb58aa", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "4096", "primitive": "pke" }, "assetType": "algorithm" }, "description": "mbedTLS RSA (quantum-vulnerable) (4096-bit) discovered in mbedtls_wrapper.c:7", "name": "RSA-4096", "type": "cryptographic-asset" }, { "bom-ref": "crypto/af23d721-2faf-42fc-8f02-bdf9adb50981", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "4096", "primitive": "pke" }, "assetType": "algorithm" }, "description": "RSA key pair generation (quantum-vulnerable) (4096-bit) discovered in keyManager.js:8", "name": "RSA-4096", "type": "cryptographic-asset" }, { "bom-ref": "crypto/c8f65468-7572-4c15-90d4-4c6af5aa0f57", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "4096", "primitive": "pke" }, "assetType": "certificate", "certificateProperties": { "certificateFormat": "X.509", "issuerName": "acme-code-signing", "notValidAfter": "2027-05-23T22:21:48+02:00", "notValidBefore": "2026-04-23T22:21:48+02:00", "subjectName": "acme-code-signing" } }, "description": "X.509 cert: acme-code-signing (rsa-4096) discovered in code_signing.pem:?", "name": "RSA-4096", "type": "cryptographic-asset" }, { "bom-ref": "crypto/e46d898c-cdba-43fc-a50f-173b28e030a6", "cryptoProperties": { "algorithmProperties": { "parameterSetIdentifier": "4096", "primitive": "pke" }, "assetType": "algorithm" }, "description": "mbedTLS RSA (quantum-vulnerable) (4096-bit) discovered in mbedtls_wrapper.c:8", "name": "RSA-4096", "type": "cryptographic-asset" }, { "bom-ref": "crypto/8225859c-c822-40ee-8118-7883f92c09b5", "cryptoProperties": { "algorithmProperties": { "padding": "oaep", "primitive": "pke" }, "assetType": "algorithm" }, "description": "RSA padding: OAEP discovered in key_manager.py:19", "name": "RSA-OAEP", "type": "cryptographic-asset" }, { "bom-ref": "crypto/f8a2b133-db52-4173-bc94-f1d82d243127", "cryptoProperties": { "algorithmProperties": { "padding": "oaep", "primitive": "pke" }, "assetType": "algorithm" }, "description": "RSA cipher usage (quantum-vulnerable) discovered in VaultKeyManager.java:21", "name": "RSA-OAEP", "type": "cryptographic-asset" }, { "bom-ref": "crypto/89e4beba-6334-42c0-b616-79fe7be933c5", "cryptoProperties": { "algorithmProperties": { "padding": "pkcs1v15", "primitive": "pke" }, "assetType": "algorithm" }, "description": "RSA padding: PKCS1v15 discovered in jwt.py:16", "name": "RSA-PKCS1v15", "type": "cryptographic-asset" }, { "bom-ref": "crypto/453e6623-c189-4b8d-b32f-ab246985ca0b", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "sha1 usage discovered in sha1_hasher.py:7", "name": "SHA-1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/5dce1fe9-8334-48c1-8c53-40025c3060a7", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "OpenSSL SHA-1 usage (broken since 2017) discovered in legacy_hash.c:8", "name": "SHA-1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/8ce94e49-ceb1-4625-b61a-4f96ce357ecd", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "SHA-1 hash usage (broken since 2017) discovered in hash.js:5", "name": "SHA-1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/8fce2915-ff26-4d76-be8a-7dc38ad15811", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "X.509 signature hash: sha1 (intranet.legacy.acme.local) discovered in legacy_intranet.crt:?", "name": "SHA-1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/c60193d9-3d5d-4183-a30b-c37af41f910a", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "sha1.New() (broken since 2017) discovered in hash.go:10", "name": "SHA-1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/e3309e46-517e-4443-908f-d918adfc7cb1", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "MessageDigest SHA-1 usage (broken since 2017) discovered in LegacyHasher.java:9", "name": "SHA-1", "type": "cryptographic-asset" }, { "bom-ref": "crypto/0ce8aabc-0a62-4025-aed1-3acb9701955f", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "sha256/384/512 New (quantum-safe) discovered in jwt.go:16", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/1c0ffd71-4417-4fb0-8486-e3f2ca25e3a7", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "X.509 signature hash: sha256 (extranet.acme.legacy.local) discovered in expired_extranet.pem:?", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/28b2432a-367c-450d-95b2-042fa178a57b", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "sha256/384/512 New (quantum-safe) discovered in keymanager.go:25", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/43f1746e-20ce-4db7-8c65-94c163456989", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "X.509 signature hash: sha256 (client-paris-01) discovered in mtls_client.crt:?", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/68b09c5c-a3f6-4ac7-bd0f-57627bbc9048", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "OpenSSL SHA-2 usage (quantum-safe at SHA-256+) discovered in jwt_signer.c:18", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/778234a9-2275-44de-87d3-320dad10c877", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "X.509 signature hash: sha256 (iot-pump-12.field.acme) discovered in iot_device_old.pem:?", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/87cae5f1-45f2-49c7-974a-d0bac975f606", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "SHA256 usage discovered in key_manager.py:20", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/8a2f1a34-25f1-4cb0-864f-10cb6780f4e4", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "X.509 signature hash: sha256 (api.acme.eu) discovered in api_gateway.pem:?", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/8d390e1f-4959-4a6a-8a82-02a976516e6a", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "X.509 signature hash: sha256 (acme-code-signing) discovered in code_signing.pem:?", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/94c35311-5d79-4224-b1e7-2e40e86c1521", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "X.509 signature hash: sha384 (vault.acme.internal) discovered in backend_high_assurance.pem:?", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/ca1388db-599f-498f-93f3-13087f4c808f", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "X.509 signature hash: sha256 (internal-ca.acme.eu) discovered in aged_internal_ca.pem:?", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/d47bc9f2-db79-4431-8d25-76ac2571fbe5", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "SHA256 usage discovered in jwt.py:17", "name": "SHA-2", "type": "cryptographic-asset" }, { "bom-ref": "crypto/f447ced4-d902-4cb7-9fb5-aba78f42c007", "cryptoProperties": { "algorithmProperties": { "primitive": "hash" }, "assetType": "algorithm" }, "description": "SHA256 usage discovered in key_manager.py:21", "name": "SHA-2", "type": "cryptographic-asset" } ], "dependencies": [ { "ref": "crypto/004e95c2-c143-4853-a48e-018c85be4c1d" }, { "ref": "crypto/0320574f-23e1-48bd-9a5c-b2dc367e92ee" }, { "ref": "crypto/0ad91ef0-b16b-46a1-baa7-f8929e4794b8" }, { "ref": "crypto/0ce8aabc-0a62-4025-aed1-3acb9701955f" }, { "ref": "crypto/11653a40-8a8a-4a36-9d54-6ddeb02fdbe3" }, { "ref": "crypto/1c0ffd71-4417-4fb0-8486-e3f2ca25e3a7" }, { "ref": "crypto/1f3e8c52-2c7f-42a4-a988-4a63c5aee700" }, { "ref": "crypto/2031756b-a331-4ec1-b302-2059bc97e3ba" }, { "ref": "crypto/2591f8c9-3115-4e10-a362-af06806b14e7" }, { "ref": "crypto/28b2432a-367c-450d-95b2-042fa178a57b" }, { "ref": "crypto/2bdc8c91-851a-46f8-9631-b58f502f134e" }, { "ref": "crypto/2c588df8-61ae-4bde-853c-91f0cdf6d2db" }, { "ref": "crypto/2ee12dcd-a315-4019-a759-8060f2fe1bd8" }, { "ref": "crypto/2f5528c7-a82b-4720-b8a8-6baee7465453" }, { "ref": "crypto/3134b7e5-a1ec-4d7c-bb7d-09f56fc2273c" }, { "ref": "crypto/322dae89-5a9d-49fe-bd12-51a1c33638df" }, { "ref": "crypto/343abf1e-d49c-471a-bf4e-bcbf0424aa55" }, { "ref": "crypto/35f68b01-b072-4057-bae8-dbb0037457c0" }, { "ref": "crypto/39cfaad0-96e2-4f10-9913-2a471c54f234" }, { "ref": "crypto/407dd4fe-08ac-4e2e-b904-03cebae7646b" }, { "ref": "crypto/421b0f3a-032d-4fab-939a-6beea32794ed" }, { "ref": "crypto/43f1746e-20ce-4db7-8c65-94c163456989" }, { "ref": "crypto/453e6623-c189-4b8d-b32f-ab246985ca0b" }, { "ref": "crypto/52ebd0b7-7443-46ee-8176-41fb8cd1b602" }, { "ref": "crypto/557dfd5d-2046-41d9-a45c-2342e9812ab4" }, { "ref": "crypto/5cf04259-2a53-4c0d-a35d-fe9b757d02a0" }, { "ref": "crypto/5dce1fe9-8334-48c1-8c53-40025c3060a7" }, { "ref": "crypto/64b094b1-eba9-4eeb-b20c-0e25072e75c1" }, { "ref": "crypto/6855c3e1-9f50-456b-8afb-05e7250915a8" }, { "ref": "crypto/688eaf6c-115c-474d-bdb1-e053b015d6d0" }, { "ref": "crypto/68b09c5c-a3f6-4ac7-bd0f-57627bbc9048" }, { "ref": "crypto/69929994-4df9-4cc6-bdd6-c646452c7092" }, { "ref": "crypto/778234a9-2275-44de-87d3-320dad10c877" }, { "ref": "crypto/813e9f19-24b4-4ab5-9c11-9547e560b9e6" }, { "ref": "crypto/8225859c-c822-40ee-8118-7883f92c09b5" }, { "ref": "crypto/85f152e1-3cef-4533-b161-76533e2b2eed" }, { "ref": "crypto/87cae5f1-45f2-49c7-974a-d0bac975f606" }, { "ref": "crypto/89e4beba-6334-42c0-b616-79fe7be933c5" }, { "ref": "crypto/8a2f1a34-25f1-4cb0-864f-10cb6780f4e4" }, { "ref": "crypto/8ce94e49-ceb1-4625-b61a-4f96ce357ecd" }, { "ref": "crypto/8cf40149-e171-4f81-94fa-f29cfd413c28" }, { "ref": "crypto/8d390e1f-4959-4a6a-8a82-02a976516e6a" }, { "ref": "crypto/8f5c420b-6b18-4f63-90c2-7a689dd8aaf6" }, { "ref": "crypto/8fce2915-ff26-4d76-be8a-7dc38ad15811" }, { "ref": "crypto/94c35311-5d79-4224-b1e7-2e40e86c1521" }, { "ref": "crypto/9b81ba04-7fca-467d-85d3-dcce5e8fe6ac" }, { "ref": "crypto/9be7212c-1679-412b-a85d-37f775475227" }, { "ref": "crypto/9f33a83a-ce82-408c-a126-90873d6fb62e" }, { "ref": "crypto/a8c4e72a-26a6-4b84-9fc3-747284cb58aa" }, { "ref": "crypto/ac916cec-6294-4321-85a9-77b5bcad2f7c" }, { "ref": "crypto/aca0fa45-2752-4f50-9bbf-ea70c059c853" }, { "ref": "crypto/af23d721-2faf-42fc-8f02-bdf9adb50981" }, { "ref": "crypto/c5c11265-ee3b-4503-a0d7-c030ce061fb3" }, { "ref": "crypto/c60193d9-3d5d-4183-a30b-c37af41f910a" }, { "ref": "crypto/c8f65468-7572-4c15-90d4-4c6af5aa0f57" }, { "ref": "crypto/c91ee341-1927-4430-868d-a5835e1eeeab" }, { "ref": "crypto/ca1388db-599f-498f-93f3-13087f4c808f" }, { "ref": "crypto/cba32e6b-bb38-474c-9dec-e1b8358e4e1d" }, { "ref": "crypto/cd7cb9fc-4ee3-4d15-8e0d-1f7ba6045f8b" }, { "ref": "crypto/d47bc9f2-db79-4431-8d25-76ac2571fbe5" }, { "ref": "crypto/d7f450e6-3e95-4c6e-b033-ac189cee0df9" }, { "ref": "crypto/d967eb4c-780b-4e9d-80ed-1260a312d870" }, { "ref": "crypto/df8910cb-8717-40d0-8bd5-6eb771a2a1d8" }, { "ref": "crypto/e3309e46-517e-4443-908f-d918adfc7cb1" }, { "ref": "crypto/e46d898c-cdba-43fc-a50f-173b28e030a6" }, { "ref": "crypto/ebf17088-3876-4a63-b157-8ad793194224" }, { "ref": "crypto/ec4b71e8-fd7e-434a-9168-9399af66625e" }, { "ref": "crypto/f3484d59-8c20-40b1-be8f-46ff459813c0" }, { "ref": "crypto/f35db7cb-64b7-4136-a8fe-2e65580d649d" }, { "ref": "crypto/f447ced4-d902-4cb7-9fb5-aba78f42c007" }, { "ref": "crypto/f7e7e914-99bd-41af-919c-0d6ce9c99e5c" }, { "ref": "crypto/f8a2b133-db52-4173-bc94-f1d82d243127" }, { "ref": "crypto/f8d35d3e-c171-48e8-9c5c-a1307b52e974" }, { "ref": "crypto/fd320cf6-d2f6-4def-a505-27543637ede0" } ], "metadata": { "timestamp": "2026-06-04T20:14:04.681258+00:00" }, "serialNumber": "urn:uuid:7934c8fb-9b7c-4c6e-8cde-967d422e69c5", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6" }