Free CBOM Generator

Scan your source code for free. Upload an archive and our automated tool returns a Cryptographic Bill of Materials in minutes — identifying the algorithms, protocols, and quantum-vulnerable cryptography in your code, at no cost.

Need third-party dependency analysis, production reachability tracing, and an expert-led report? Explore our CBOM Generation Service.

What You'll Get

Algorithm Inventory
Complete list of cryptographic algorithms detected in your codebase, including hash functions, ciphers, and key exchange mechanisms.
Quantum Vulnerability Assessment
Identification of algorithms vulnerable to quantum attacks, categorised by severity and remediation priority.
CycloneDX Format
Industry-standard CBOM output compatible with your existing security toolchain and compliance workflows.
Summary Report
Executive overview highlighting key findings and recommended next steps.

Supported Languages (24)

Go, Python, Java, JavaScript, TypeScript, C, C++, C#, Rust, Ruby, PHP, Kotlin, Swift, Scala, Perl, Objective-C, Haskell, Lua, Elixir, R, Julia, Verilog, SystemVerilog, and VHDL.

Upload Your Source Code

Upload an archive of your source code repository. We support ZIP, TAR, TAR.GZ, and TAR.ZST formats up to 50MB.

Email Address *

We'll send your CBOM results to this address.

Project Name *

Organisation (Optional)

Source Code Archive *

Click to upload or drag and drop

ZIP, TAR, TAR.GZ, or TAR.ZST, max 50MB

I agree to the Terms of Service and Privacy Policy. I understand this is a free informational tool and my source code will be processed for CBOM generation and then deleted.

I'd like to receive occasional updates about PQC developments and services.

How It Works

Upload

Submit your source code as an archive (ZIP, TAR, TAR.GZ, or TAR.ZST) through our secure upload form.

Scan

Our automated scanner analyses your code for cryptographic usage patterns across all supported languages.

Generate

A comprehensive CBOM is generated in CycloneDX format with quantum vulnerability classifications.

Receive

Your CBOM and summary report are delivered to your email. Source code is securely deleted.

Your Code Security

Encrypted Transfer

All uploads are transmitted over TLS 1.3 with strong cipher suites.

Isolated Processing

Your code is processed in a secure, isolated cloud environment.

Automatic Deletion

Source code is permanently deleted within 24 hours of processing completion.

No Code Retention

We don't store, share, or use your code for any purpose beyond generating your CBOM.

Need More Than a CBOM?

Our paid tiers include full infrastructure scanning, expert analysis, risk prioritisation, and migration roadmaps.

View Full Pricing