DOCUMENTATION

CipherMap CLI

A single, local binary that audits your codebase for quantum-vulnerable cryptography and grades your readiness against the CNSA 2.0 federal mandate.

Quick Start

Install the binary and scan the current directory in one line. No account, no upload.

curl -sSf https://ciphermap.io/install.sh | sh && ciphermap scan .

The scanner crawls every supported source file, reports each finding inline, and prints a quantum readiness grade summary when it finishes.

Validate Key

After purchasing a Tier A or Tier B license, validate your offline key to unlock CBOM export. Keys are verified locally — no callback to our servers.

ciphermap key --validate CMAP-XXXX-XXXX-XXXX
# ✓ license valid · CBOM export unlocked

CLI Flag Glossary

Compose flags to tune the scan for local audits or automated pipelines.

flagdescription
--format <table|json>Output format. table is human-readable; json emits a CycloneDX 1.6 CBOM.
--fail-on <level>Exit non-zero when findings meet or exceed the level (info, warn, critical).
--include <glob>Restrict the crawl to matching paths, e.g. --include 'src/**/*.go'.
--exclude <glob>Skip matching paths such as vendored or generated directories.
--key <license>Activate an offline license key to unlock CBOM serialization.
--no-colorDisable ANSI colors for logs and non-interactive shells.

Output Formats

Export a machine-readable CycloneDX 1.6 Cryptographic Bill of Materials for auditors and compliance tooling.

ciphermap scan . --format json > cbom.json

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "components": [
    {
      "type": "cryptographic-asset",
      "name": "RSA-2048",
      "cryptoProperties": {
        "assetType": "algorithm",
        "nistQuantumSecurityLevel": 0
      }
    }
  ]
}

CI/CD Integration

Add a gate to GitHub Actions with --fail-on=critical to block pull requests that introduce non-compliant cryptography.

# .github/workflows/pqc.yml
name: Post-Quantum Gate
on: [pull_request]

jobs:
  ciphermap:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run CipherMap
        run: |
          curl -sSf https://ciphermap.io/install.sh | sh
          ciphermap scan . --fail-on=critical --format json

The step exits non-zero on any critical finding, turning the check red and blocking the merge until the vulnerable primitive is migrated.