The CipherIQ Platform

A distributed cryptographic observability platform that unifies static and runtime analysis across hybrid infrastructure — enabling enterprise-grade CBOM governance at scale.

Open-Source Foundation

CipherIQ deploys distributed collectors and correlators that continuously map and verify cryptography across your estate — from cloud and data center to OT, embedded, and endpoint systems. Each tool works standalone. Together, they form the most comprehensive cryptographic observability stack available.

Static Analysis

cbom-generator

Static cryptographic asset discovery. Scans Linux filesystems, firmware images, and container layers. Outputs CycloneDX-compliant Cryptographic Bill of Materials with PQC classification for 48+ NIST algorithms.

Filesystem scanning Firmware analysis Container support CycloneDX output PQC classifier

View on GitHub →

Network Analysis

pqc-flow

Passive network protocol analyzer. Detects PQC support and cipher suite negotiation in TLS 1.3, SSH, IKEv2, and QUIC traffic. First-flight packet analysis only — no decryption, no interception, no keys.

TLS 1.3 SSH IKEv2 QUIC Passive capture

View on GitHub →

Runtime Monitoring

crypto-tracer

eBPF-based runtime cryptographic monitoring. Zero-overhead kernel-level tracing of OpenSSL and libcrypto operations. See exactly which algorithms, key sizes, and cipher suites are used in production — without touching the application.

eBPF probes Zero overhead OpenSSL tracing Read-only Production-safe

View on GitHub →

Visualization

cbom-explorer

Web-based CBOM visualization and exploration. Interactive dependency graphs, PQC readiness dashboard, and certificate chain viewer. Upload any CycloneDX CBOM and instantly understand your cryptographic landscape.

Interactive graphs PQC dashboard Cert chain viewer CBOM upload

View on GitHub →

Enterprise Platform

A distributed architecture that scales from a single server to thousands of endpoints — delivering cryptographic posture visibility from the endpoint to the boardroom.

Endpoints

Lightweight C agents (~2MB)

cbom-generator crypto-tracer pqc-flow

gRPC/HTTP2 TLS 1.3 + mTLS PSK (quantum-safe)

Central Collector

Go service + PostgreSQL/TimescaleDB

Data ingestion Correlation engine Policy engine

API

Web UI

Dashboard & management

Asset browser Correlation views PQC scoring

Correlation & Drift Detection

Eliminate blind spots by automatically matching static CBOM assets against runtime observations. Detect shadow cryptography, configuration drift, and unauthorized algorithms — before auditors do.

Centralized Policy Enforcement

Define and enforce cryptographic policies across distributed environments. Continuous evaluation against live data with automated alerting. Built-in CNSA 2.0 templates for immediate compliance coverage.

PQC Readiness & Roadmap Planning

Organization-wide PQC readiness scoring for long-term migration planning. Dashboard and reporting at CISO and board level. Identify highest-risk assets and track migration progress across the enterprise.

Quantum-Safe Transport

Agent-to-collector communication uses gRPC over HTTP/2 with TLS 1.3, mutual TLS authentication, and pre-shared key support for quantum-safe key establishment. We practice what we preach — CipherIQ's own transport is designed for the post-quantum era.

Audit-Ready Evidence, Not Just Compliance Labels

Enable audit-ready evidence for regulatory frameworks. CipherIQ generates the cryptographic inventory, drift reports, and policy attestations that compliance teams need — continuously, not just at audit time.

Regulatory Frameworks

Continuous evidence generation for HIPAA, SOX, PCI-DSS, FedRAMP, and sector-specific requirements. Automated cryptographic inventory and attestation reports mapped to framework controls.

Post-Quantum Readiness

Full CNSA 2.0 compliance tracking and PQC migration evidence. Demonstrate long-term cryptographic resilience for critical infrastructure with measurable readiness scores and migration roadmaps.

Built for the Teams That Need It Most

Security & Risk Teams

Full cryptographic asset visibility across hybrid infrastructure. Identify weak algorithms, expired certificates, and shadow cryptography before they become incidents.

Compliance & Audit Officers

Continuous compliance evidence and audit-ready reports. Map cryptographic posture directly to regulatory framework controls with automated attestation.

Infrastructure Architects

Understand cryptographic dependencies across services, networks, and endpoints. Plan PQC migration with data-driven prioritization and dependency analysis.

Platform Engineering & DevSecOps

Integrate cryptographic observability into CI/CD pipelines and infrastructure-as-code workflows. Lightweight agents deploy alongside existing tooling with zero application changes.

See CipherIQ in action

Start with the open-source tools or talk to us about the enterprise platform.

Get Started — Open Source Book a Demo