Add a post-quantum readiness gate to your CI in 5 lines
Your codebase almost certainly relies on RSA and elliptic-curve cryptography — TLS, JWTs, SSH keys, signed tokens. All of it is breakable by a large enough quantum computer (Shor's algorithm), and "harvest now, decrypt later" means data you encrypt today can be captured today and decrypted later. Regulators noticed: CNSA 2.0 (US federal + suppliers), DORA (EU financial entities, applies from Jan 2025), and NIS2 now mandate strict cryptographic risk management — which in practice means knowing where your quantum-vulnerable crypto lives, a cryptographic bill of materials (CBOM). Most teams can't answer "where is our RSA/ECC?" off the top of their head. Here's how to make CI answer it for you, on every push, for free. What we're building A GitHub Action that scans your repo, grades its post-quantum readiness A–F , writes a CycloneDX 1.6 CBOM , and — if you want — fails the build when classically-broken crypto (MD5, RC4, 3DES, deprecated TLS) shows up. Step 1 — try it in your browser first (30 seconds, nothing uploaded) Before touching CI, paste a package.json / requirements.txt / cipher list into the in-browser scanner and see your grade. It runs entirely client-side — no upload: https://throndar.ai/cbom Step 2 — add it to CI (the 5 lines) # .github/workflows/pqc-readiness.yml name : PQC readiness on : [ push , pull_request ] jobs : scan : runs-on : ubuntu-latest steps : - uses : actions/checkout@v4 - uses : brandonjsellam-Releone/pq-readiness-scorecard@v1 with : path : . That's it. The Action is self-contained and dependency-free — no npm install , no setup step. On the next push it prints a scorecard to the job summary: Post-Quantum Readiness Scorecard: D (52/100) — Quantum-vulnerable — migrate 3 files · broken-classical 0 · quantum-broken 4 · weakened 1 · resistant 0 Step 3 — see findings in the Security tab (SARIF) The Action emits SARIF 2.1.0. Upload it and every finding shows up as a code-scanning alert: - id : pqc uses : brandonjsellam-Releone/pq-readiness-score