Overview
How SaQura PQC Scan works
A free tool that finds quantum-vulnerable cryptography (RSA, ECC …) in your code — as a GitHub Action or from the command line. In 30 seconds you see where action is needed.
Overview
The problem in one paragraph
Almost every piece of software uses encryption — a digital lock for passwords, messages and data. The locks in common use today (RSA, ECC) can be broken by a future quantum computer. Regulators such as Germany's BSI and the EU's NIS2 directive are pushing the move to quantum-safe methods. Attackers already capture data today to decrypt it later — which is why it matters now.
What it is
It finds the old locks in your code
Every migration starts with one question: where is the outdated crypto? SaQura PQC Scan reads your source code and dependencies and sorts each finding into a traffic-light level — quantum-vulnerable, already-weak, or quantum-safe. You get an easy-to-read report (with a percentage score) plus a standards-conformant inventory (CycloneDX CBOM). The tool is free, open source and changes nothing in your code.
Who it's for
When this is the right fit
For developers and teams who want to know how quantum-safe their software is — and need verifiable evidence (a CBOM) for audits and compliance.
Getting started
Get going
Add it as a GitHub Action in your CI — a report on every pull request — or run it locally with one command. Full details in the public repository.
npx saqura-pqc-scan .What's next