Published April 22, 2026 | Version v1
Preprint Open

Automated Cryptographic Bill of Materials Generation for Quantum Readiness Assessment: A Multi-Language Static Analysis Approach

Authors/Creators

Description

Quantum readiness requires organizations to inventory every cryptographic algorithm in their codebase -- a task that is infeasible to perform manually at scale. We present a multi-language cryptographic code scanner that performs static analysis across six programming languages (JavaScript/TypeScript, Python, Go, Java, Rust, C/C++), identifies cryptographic API usage, classifies algorithms by quantum risk level, and generates a Cryptographic Bill of Materials (CBOM) in CycloneDX format. The scanner also detects embedded secrets (30+ patterns), analyzes binary files for cryptographic constants (AES S-box, SHA-256 initial values), and provides a CI/CD quality gate for enforcing post-quantum migration policies. We describe the pattern matching architecture, evaluate coverage across real-world codebases, and demonstrate integration with FTQC attack cost estimation for actionable quantum risk timelines.

Files

Quantum Readiness Assessment.pdf

Files (46.8 kB)

md5:c5245ba9fe0a0e62a826334e573fe518