pqc-audit is an open-source CLI tool that scans local repositories to detect cryptographic components vulnerable to quantum attacks. Below are 11 security & compliance platforms apps with similar functionality to pqc-audit, matched by what each product actually does — not ranked or scored. Explore each to find the closest fit for your use case.
pqc-scan is a command-line tool designed for developers and security engineers to scan codebases for cryptographic algorithms that are vulnerable to quantum attacks. It provides static analysis and outputs results in SARIF format, helping teams improve their security posture. The tool is open source and distributed via PyPI.
pqc-check is an open-source command-line tool that scans cryptographic implementations for vulnerabilities to quantum attacks. It helps security engineers and developers assess and improve the quantum safety of their codebases. Distributed under the MIT license, it is freely available for integration into security workflows.
pqc-migration-scanner is an open-source CLI tool that scans codebases for vulnerabilities related to post-quantum cryptography. It helps security engineers and developers identify and address compliance issues in preparation for the post-quantum era. The tool is MIT licensed and suitable for integration into security workflows.
pqcheck is an open-source command-line tool that scans source code and dependency graphs to detect risks related to post-quantum cryptography. It helps security engineers and developers identify vulnerable algorithms and supply-chain issues, supporting SBOM and SARIF formats for integration into security workflows.
pqcprobe is a command-line tool for probing server TLS configurations and evaluating readiness for post-quantum key exchanges, specifically ML-KEM. It helps security engineers and administrators audit cryptographic compliance and future-proof their infrastructure.
qorex is an open-source CLI tool that scans codebases for cryptography vulnerable to quantum attacks and provides guidance for migrating to NIST post-quantum cryptography standards. It is designed for security engineers and developers focused on future-proofing their applications.
pqc-scanner is a command-line tool for automated timing side-channel scanning of NIST PQC standards ML-KEM and ML-DSA. It helps security researchers and cryptographers identify vulnerabilities in post-quantum cryptographic implementations.
Cryptographic Bill of Materials provides an in-browser tool to scan codebases for post-quantum cryptography vulnerabilities, grading readiness from A to F. It offers a free browser-based scan, a GitHub Action for CI integration, and exports CycloneDX CBOMs and SARIF reports. Security engineers can use it to assess and document cryptographic exposure without uploading sensitive code.
PQCToolkit is a security application offering post-quantum encryption and digital signature capabilities using ML-KEM and ML-DSA. It operates entirely locally, ensuring privacy and no telemetry, and is available as a mobile app and browser extension.
PQSafe provides a post-quantum authorization layer designed for AI agent payments, enabling cryptographically secure, delegated spending without human intervention. The platform centers on the concept of a SpendEnvelope, a signed mandate that specifies a spending cap, payee scope, and expiration, ensuring that agent-initiated payments are always authorized, revocable, and auditable. Each authorization is signed using ML-DSA-65, a NIST FIPS 204 standardized post-quantum digital signature algorithm based on CRYSTALS-Dilithium, which is resistant to quantum attacks and provides security equivalent to AES-192. The tool is built for AI agents that require autonomous payment capabilities. It enforces cryptographic controls so agents cannot exceed defined budgets, pay unapproved recipients, or operate beyond the allowed time window. PQSafe integrates with multiple payment rails, including Airwallex, Wise, Stripe, and USDC-Base, and supports spend delegation and multi-rail execution. The system records all authorizations and payments, producing signed receipts that can be audited for up to seven years. PQSafe also provides a public ledger (in beta), test vectors, and a live demo for verification and experimentation. PQSafe is available as a core SDK for both JavaScript (npm @pqsafe/agent-pay) and Python (PyPI pqsafe-agent-pay), and includes native plugins for frameworks such as LangChain, CrewAI, and Mastra. It offers an API endpoint for mandate verification, revocation, and auditing, as well as browser-based verification tools. 0 license, with its source code and test suites published on GitHub. The roadmap includes support for ML-KEM-768 (CRYSTALS-Kyber) for post-quantum key exchange, following NIST FIPS 203 standards, planned for a future release. PQSafe positions itself as a solution for regulated institutions and developers seeking quantum-safe, agent-native payment authorization and auditing infrastructure, addressing the emerging need to migrate from classical cryptographic standards in light of advances in quantum computing.
PostQ Labs provides quantum security intelligence by offering a database that maps the quantum risk posture of 3,687 publicly listed Japanese companies. The platform addresses the growing threat posed by quantum computers to current cryptographic standards, specifically highlighting vulnerabilities in RSA, ECDSA, and ECDH algorithms. Its core service is to identify organizations at risk from quantum attacks, enabling enterprises to act proactively as quantum decryption capabilities become a reality. The database includes 19 data fields per company, such as quantum vulnerability status, quantum risk score (ranging from 0 to 100), risk level (CRITICAL, HIGH, MEDIUM, LOW, NONE), public key algorithm, key size, CDN provider, and post-quantum key exchange details. Proprietary risk scoring is based on algorithm type, key size, and TLS configuration, allowing organizations to prioritize remediation efforts. The data is updated regularly, with monthly or quarterly updates depending on the selected plan, and is delivered as a CSV file via email within 24 hours of purchase. PostQ Labs is designed for enterprise use cases, serving security vendors, cyber insurance providers, investment funds, and auditors. Security vendors can use the data to identify prospects for post-quantum cryptography (PQC) migration consulting, while cyber insurers can leverage the data for underwriting and portfolio risk assessment. Investment funds may incorporate quantum risk posture into due diligence and ESG evaluations, and auditors can generate compliance and cryptographic readiness reports based on the risk scores. The service is offered through tiered pricing: an Evaluation Sample at $330 for a one-time purchase covering 35 companies, a Standard plan at $1,990 per year for the full dataset with quarterly updates, and an Enterprise plan at $4,990 per year with monthly updates and priority support. Custom data, API access, and exclusive licensing are available upon request. The data is licensed for internal use only, with resale and redistribution prohibited. All sales are final once data is delivered, and a delivery guarantee ensures customers receive their data within 24 hours or are eligible for a full refund.