Add QuantumScan to Tools / Standalone #263

Open

gaiabio12-design wants to merge 1 commit into sobolevn:master from gaiabio12-design:add-quantumscan

Conversation

@gaiabio12-design (Author)

Adding QuantumScan to the "Standalone tools" section, listed alphabetically between Nipe and sops.

QuantumScan is a free scanner that detects quantum-vulnerable cryptography (RSA, ECDSA, Diffie-Hellman, SHA-1, MD5, etc.) in GitHub repositories. It exports:

  • CycloneDX 1.7 CBOM (cryptographic-asset inventory recommended by CISA)
  • DORA / NIS2 compliance PDF aligned with EU regulations active since January 2025
  • AI-generated migration guides per finding suggesting NIST FIPS 203/204/205 alternatives

The scanner core is MIT-licensed at https://github.com/quantumscan-io/scanner-core — users can audit / self-host the detection logic. The hosted version is free during the design partner phase.

Fits in the standalone tools category alongside gpg, sops, and cryptomator — practical cryptography utilities engineers use day-to-day, not a library implementing primitives.

Following the alphabetical convention of the section.

@gaiabio12-design (Author)

Hi! Just a gentle reminder on this submission. Happy to make any adjustments if needed. Thanks for maintaining this list!

@gaiabio12-design (Author)

Quick update on this submission: QuantumScan just merged its first community contribution — a developer independently added full .NET / C# detection coverage (System.Security.Cryptography + BouncyCastle.NET). The scanner now covers TypeScript, Python, Go, Java, Kotlin, Swift, Rust, C/C++, C#/.NET, Ruby, and PHP. Happy to answer any questions.

@gaiabio12-design (Author)

Hi! Friendly ping on this PR.

Since the original submission, scanner-core has shipped several updates:

  • Multi-language support now covers 12 languages including C# / .NET
  • GitHub PR bot for automated PQC scanning on every pull request
  • CycloneDX 1.7 CBOM export and DORA/NIS2 compliance PDF reports
  • npx quantumscan . — no install, runs locally, code never leaves the machine

If there's any change needed to match the list's guidelines, happy to update. Thanks for maintaining this resource!

@gaiabio12-design (Author)

Quick update on this submission.

scanner-core v1.2.0 just shipped three additions that may be relevant to this list's audience:

  • SARIF 2.1.0 output — findings integrate directly into the GitHub Security tab via github/codeql-action/upload-sarif, compatible with GitLab SAST and VS Code
  • Dependency scanning — reads package.json, requirements.txt, go.mod, Cargo.toml, pom.xml for 27 known quantum-vulnerable packages
  • False positive suppression via the `// quantumscan-ignore` inline marker

Release: https://github.com/quantumscan-io/scanner-core/releases/tag/v1.2.0

Happy to adjust the submission description if that would help.
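The two comments above describe the shape of the tool (pattern-based detection of RSA / ECDSA / Diffie-Hellman / SHA-1 / MD5 usage, an inline `quantumscan-ignore` suppression marker, and SARIF 2.1.0 output that `github/codeql-action/upload-sarif` will accept) without showing what such output looks like. The following is an added example written for this page, not QuantumScan's code and not taken from scanner-core: a small regex scanner over a constructed source snippet that emits a minimal SARIF 2.1.0 log. The rule ids, descriptions, the exact semantics of the suppression marker and the sample source are all assumptions made here. One design choice worth noting: the example separates algorithms that Shor's algorithm actually breaks (RSA, EC, finite-field DH, reported at SARIF level `error`) from MD5 and SHA-1, which are classically broken and only lose a square-root factor to Grover (reported as `warning`), since the two classes need different migration arguments.

```python
"""Minimal PQC-readiness source scanner emitting SARIF 2.1.0 (added example, not QuantumScan code)."""
import json
import re

# (rule id, regex, SARIF level, short description, suggested replacement).
# Rule ids and wording are illustrative choices for this example.
RULES = [
    ("PQC001", r"\brsa\b", "error",
     "RSA: key recovery via Shor's algorithm",
     "ML-KEM (FIPS 203) for key establishment; ML-DSA (FIPS 204) or SLH-DSA (FIPS 205) for signatures"),
    ("PQC002", r"\becdsa|\becdh|\bsecp\d{3}", "error",
     "Elliptic-curve ECDSA/ECDH: key recovery via Shor's algorithm",
     "ML-KEM (FIPS 203) for key agreement; ML-DSA (FIPS 204) for signatures"),
    ("PQC003", r"\bdiffie[_-]?hellman\b|\bdh\b", "error",
     "Finite-field Diffie-Hellman: key recovery via Shor's algorithm",
     "ML-KEM (FIPS 203)"),
    ("WEAK001", r"\bmd5\b", "warning",
     "MD5: classically broken (collisions); Grover only halves preimage security",
     "SHA-256 or SHA3-256"),
    ("WEAK002", r"\bsha-?1\b", "warning",
     "SHA-1: classically broken (collisions); Grover only halves preimage security",
     "SHA-256 or SHA3-256"),
]

# Inline suppression: a comment carrying the marker disables all findings on that line.
# The marker name follows the PR text; how QuantumScan itself scopes it is assumed here.
SUPPRESS = re.compile(r"(#|//)\s*quantumscan-ignore\b")

# Constructed sample input for this example (not real project code).
SAMPLE_SOURCE = """\
from cryptography.hazmat.primitives.asymmetric import rsa, dh
import hashlib
key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
params = dh.generate_parameters(generator=2, key_size=2048)
legacy = hashlib.md5(blob).hexdigest()  # quantumscan-ignore: non-security checksum
sig = ecdsa_sign(key, message)
h = hashlib.sha256(blob).hexdigest()
old = hashlib.sha1(blob).hexdigest()
"""


def scan_source(text, uri):
    """Return one finding per (rule, line), skipping lines with the suppression marker."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if SUPPRESS.search(line):
            continue
        for rule_id, pattern, level, _desc, _fix in RULES:
            m = re.search(pattern, line, re.IGNORECASE)
            if m:
                findings.append({"ruleId": rule_id, "level": level, "uri": uri,
                                 "line": lineno, "column": m.start() + 1,
                                 "snippet": line.strip()})
    return findings


def to_sarif(findings, tool_name="example-pqc-scan"):
    """Shape findings as a SARIF 2.1.0 log in the form upload-sarif ingests."""
    by_id = {r[0]: r for r in RULES}
    used = sorted({f["ruleId"] for f in findings})
    rules = [{"id": rid,
              "shortDescription": {"text": by_id[rid][3]},
              "help": {"text": "Migrate to " + by_id[rid][4]}} for rid in used]
    results = []
    for f in findings:
        _, _, _, desc, fix = by_id[f["ruleId"]]
        results.append({
            "ruleId": f["ruleId"],
            "level": f["level"],
            "message": {"text": f"{desc}. Suggested replacement: {fix}."},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": f["uri"]},
                "region": {"startLine": f["line"], "startColumn": f["column"],
                           "snippet": {"text": f["snippet"]}}}}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": tool_name, "rules": rules}},
                  "results": results}],
    }


if __name__ == "__main__":
    print(json.dumps(to_sarif(scan_source(SAMPLE_SOURCE, "app.py")), indent=2))
```

Run stand-alone it prints a SARIF log with six results (RSA twice, DH twice, the `ecdsa_sign` call and `sha1`); the `md5` line is dropped by the suppression marker and `sha256` matches nothing. A real scanner needs language-aware parsing rather than line regexes, but the output contract towards the GitHub Security tab is exactly this document shape.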

@gaiabio12-design (Author)

Final check-in. If this PR doesn't fit the list's scope or criteria, feel free to close it — no problem at all.

If it's just backlogged, no rush. scanner-core is actively maintained and growing. Thanks for the work you put into maintaining this list!


1 participant