Hosted SaaS
PQC migration without a Deloitte budget.
Continuous scanning, CycloneDX CBOM exports, NIST-aligned migration plans. Built for the teams Big-4 advisories don't take meetings with.
Forcing function: OMB M-23-02, EO 14306, and the April 2026 federal transition-plan deadline. The Big-4 sells F500 engagements at $40k–$1M. We start at $49/month for SMBs.
Pricing
Free
Local CLI + browser tool
- ✓ pqc-audit CLI on PyPI (MIT)
- ✓ In-browser scanner at /pqc-audit/scan
- ✓ Public REST API at /api/scan (rate-limited)
- ✓ OpenAPI + CycloneDX CBOM 1.6 output
- ✓ GitHub Action for PR-gating (copy-paste)
- ✓ Community support via GitHub issues
Most popular
Starter
For one team, one repo
- ✓ Everything in Free
- ✓ Connect 1 private GitHub repo
- ✓ Daily scans + commit-triggered scans
- ✓ Hosted dashboard with 90-day trend
- ✓ Monthly CBOM email report (PDF + JSON)
- ✓ Slack/Email digest on new high-severity finding
- ✓ Compliance-ready CBOM exports (CycloneDX 1.6)
- ✓ Priority email support
Pro
For growing security teams
- ✓ Everything in Starter
- ✓ Unlimited private repos
- ✓ TLS endpoint scanning (10 endpoints)
- ✓ Cryptographic dependency graph
- ✓ Custom rule patterns
- ✓ JIRA / Linear integration
- ✓ Quarterly CISO-ready PDF audit
- ✓ 30-min onboarding call
Team
For F500 / regulated industries
- ✓ Everything in Pro
- ✓ Unlimited TLS endpoints
- ✓ On-prem / VPC deployment option
- ✓ SAML SSO + SCIM
- ✓ SOC 2 / FedRAMP-aligned reporting
- ✓ Custom integration engineering
- ✓ Named technical contact
- ✓ Quarterly migration roadmap review
All plans: 14-day free trial · cancel anytime · annual billing 20% off · no hidden per-seat fees · invoice billing on Pro+.
What you get
CycloneDX 1.6 CBOM output
Every scan produces a Cryptographic Bill of Materials in the OWASP-standard JSON format. Compliance teams already know what to do with it.
NIST-aligned migration recommendations
Each finding includes the exact recommended replacement: ML-KEM-768 for RSA/ECDH key exchange, ML-DSA-65 for ECDSA/Ed25519, AES-256 for AES-128.
GitHub-native
Install once via the GitHub App, get scans on every push. No CI configuration to maintain.
Six languages and counting
Python, JavaScript/TypeScript, Go, Rust, Java, C/C++ — plus PEM certificates, package manifests, and TLS configs.
Public API (free, rate-limited)
Free tier exposes a public scan endpoint. Useful for one-off scans, custom CI scripts, or evaluating before upgrading.
curl -s https://quantumoutpost.com/api/scan \
-H "Content-Type: application/json" \
-d '{
"code": "from cryptography.hazmat.primitives.asymmetric import rsa\nrsa.generate_private_key(65537, 2048)",
"format": "cbom",
"filePath": "src/auth/keys.py"
}'
Returns a CycloneDX 1.6 CBOM JSON. Set format: "json" for the simpler findings format. Rate-limited to ~100 req/min per IP on free tier.
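A custom CI script of the kind mentioned above could gate a build on the returned CBOM, as in this added example (not the project's own code). It assumes the response lists algorithms as CycloneDX 1.6 `cryptographic-asset` components with names such as `RSA-2048`; the sample CBOM and all function names are constructed for illustration, and only the replacements named on this page are mapped.

```python
import json

KEY_EXCHANGE = {"pke", "key-agree", "kem"}  # CycloneDX 1.6 primitive values

def alg(name, primitive):
    # Build one constructed algorithm component using CycloneDX 1.6 field names.
    return {"type": "cryptographic-asset", "name": name,
            "cryptoProperties": {"assetType": "algorithm",
                                 "algorithmProperties": {"primitive": primitive}}}

# Constructed sample, not real output from the service described on this page.
SAMPLE_CBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "components": [alg("RSA-2048", "pke"), alg("Ed25519", "signature"),
                   alg("AES-128-GCM", "ae"), alg("AES-256-GCM", "ae"),
                   {"type": "library", "name": "cryptography"}],
})

def recommend(name, primitive):
    """Return the replacement this page names for an algorithm, or None."""
    upper = name.upper()
    family = upper.split("-")[0]
    if family in {"RSA", "ECDH"} and primitive in KEY_EXCHANGE:
        return "ML-KEM-768"
    if family in {"ECDSA", "ED25519"}:
        return "ML-DSA-65"
    if upper.startswith("AES-128"):
        return "AES-256"
    return None  # the page states no mapping for other cases (e.g. RSA signatures)

def findings(cbom_text):
    """List (name, primitive, replacement) for every algorithm needing migration."""
    bom = json.loads(cbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    out = []
    for comp in bom.get("components", []):
        props = comp.get("cryptoProperties") or {}
        if comp.get("type") != "cryptographic-asset" or props.get("assetType") != "algorithm":
            continue  # skip libraries, certificates, keys and other non-algorithm entries
        primitive = (props.get("algorithmProperties") or {}).get("primitive", "unknown")
        target = recommend(comp.get("name", ""), primitive)
        if target:
            out.append((comp["name"], primitive, target))
    return out

def gate(cbom_text):
    """Exit status for a CI step: 1 if any finding exists, otherwise 0."""
    return 1 if findings(cbom_text) else 0
```

In a pipeline, pass the saved API response to `gate()` and use its return value as the step's exit status.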
Build status
- ✅ CLI on PyPI — MIT-licensed, zero deps, six-language coverage.
- ✅ In-browser scanner at /pqc-audit/scan — runs entirely client-side.
- ✅ Public REST API with JSON + CBOM output at /api/scan.
- 🚧 Hosted dashboard — preview shipped, GitHub App integration in progress.
- 🚧 Stripe billing — checkout in progress.
- 📋 SAML SSO + on-prem deployment — Team tier, planned.
Shipping a real product takes longer than scaffolding a marketing page. Get on the waitlist and you'll be billed $0 until your dashboard works end-to-end with continuous scanning. Email [email protected] .