OpenChainGraph Suite · ART-386 · Post-quantum readiness

CBOM Structural Lint & CNSA-2.0 Classifier

Validates a pasted CycloneDX 1.6 Cryptography Bill of Materials against a hand-derived field subset (algorithm, key size, certification level, crypto functions) and classifies each declared algorithm asset as quantum-vulnerable or aligned with a CNSA-2.0 target primitive. Every classification is asserted from what the pasted CBOM declares.

Post-Quantum ReadinessCycloneDX 1.6 subsetZero PIIPolicy Mandate export
🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.
Structural lint, not a scanner
This tool checks the structure of the CBOM you paste and classifies each declared algorithm against a fixed pattern list. It does not discover cryptographic assets, does not inspect running systems or source code, and does not perform a cryptographic audit. Every finding below is labeled asserted because it reflects a declaration in your CBOM, not an observation.
Data snapshot
The CNSA-2.0 target list and CycloneDX field subset are pinned as data_version in the output. When CISA/NIST publish CBOM minimum elements under the 2026 executive order, this becomes a declared re-pin rather than a code change.
Presets
CBOM Input
Result
IdxNameStatusClassificationNotes
Execution Hash & §4 Artifact
SHA-256 execution hash (JCS canonical, RFC 8785):