# GitLens: Post-Quantum Cryptography Scanner

> Scan any public Git repository for quantum-vulnerable cryptography (RSA, ECDSA/ECDH, DSA, Diffie–Hellman), known dependency vulnerabilities (via an SBOM), and leaked secrets — with migration guidance to NIST post-quantum standards (ML-KEM / FIPS 203, ML-DSA / FIPS 204, SLH-DSA / FIPS 205).

LLM and AI crawler access is permitted for all content on this site.

## How it works
- Submit any public Git repository URL on the home page.
- The URL is validated as a real Git repository and screened against SSRF, then shallow-cloned in an isolated worker.
- Semgrep (20 per-language rulesets) detects quantum-vulnerable and classically-weak cryptography.
- Syft builds a CycloneDX SBOM; Grype matches components against a known-vulnerability database (run offline).
- Gitleaks scans the working tree for leaked secrets (redacted, always critical).
- A single report is produced with severity-ranked findings, repository intelligence and remediation steps.

## Pages
- [Home](https://gitlens.ai/): repository scan form and live scanning activity (recent scans, most-vulnerable and most-crypto-vulnerable repositories).
- [Help and capabilities](https://gitlens.ai/help): how a scan works, supported cryptography languages, and supported package ecosystems.
- [Contact](https://gitlens.ai/contact): general enquiries, security disclosure, and feedback routes.

## Notes
- Public repositories need no sign-in; scanning a private repository requires OAuth sign-in with the Git provider.
- Submissions are accepted only from the website's own form and are rate-limited.
- Operated by Cyber Defence Service Ltd.