Enterprise-Grade Open Source

Know Your Quantum Risk
Before It's Too Late

Scan, score, and remediate quantum-vulnerable cryptography across your entire infrastructure. ML-powered risk assessment with NIST FIPS 203/204 migration planning.

Get Started View on GitHub
Go 1.23 Python 3.11+ React 19 PostgreSQL 16 NIST FIPS 203/204 Apache 2.0
terminal
live
$ curl -X POST http://localhost:8083/api/v1/hndl \
-d '{"algorithm": "RSA-2048", "data_shelf_life_years": 15}'
{"risk_level": "CRITICAL", "years_until_vulnerable": 4, "action": "MIGRATE_NOW"}

Everything You Need to Go Quantum-Safe

From discovery to remediation β€” QRAP covers the entire post-quantum migration lifecycle

πŸ”

Cryptographic Discovery

Scan your infrastructure to discover every cryptographic asset. Identify quantum-vulnerable algorithms β€” RSA, ECDSA, DH, DSA β€” across six risk categories with precise version and key-length detection.

🧠

ML-Powered Risk Scoring

Composite 0–100 risk scores powered by machine learning. Severity-weighted scoring with category-specific multipliers β€” HNDL findings weighted 1.5x for maximum accuracy.

⏰

HNDL Exposure Calculator

Calculate precise Harvest Now, Decrypt Later risk windows using the Mosca inequality. Understand exactly when your encrypted data becomes vulnerable to quantum decryption.

πŸ—ΊοΈ

PQC Migration Planning

Automated migration roadmaps from classical to post-quantum algorithms. RSA β†’ ML-KEM (FIPS 203), ECDSA β†’ ML-DSA (FIPS 204) with phased rollout schedules and effort estimates.

πŸ“Š

Interactive Dashboard

React-powered dashboard for real-time risk visualization. Drill down from organization-level scores to individual findings. Track risk trends across assessment cycles.

πŸ”

Enterprise Security

JWT + API key authentication with constant-time comparison. Per-IP rate limiting, HSTS, CSP, parameterized SQL queries β€” defense in depth for production deployments.

Built for Scale

A polyglot architecture combining Go performance, Python ML, and React interactivity

Web Dashboard
React 19 + Vite 6
:3002
REST / HTTP
Go REST API
Chi v5 Β· Auth Β· CORS Β· Rate Limit
:8083
Python ML Engine
FastAPI Β· Risk Scorer Β· HNDL Β· Migration
:8084
SQL / HTTP
PostgreSQL 16
organizations Β· assessments Β· findings Β· audit_log
:5432
⚑

Go API Server

Chi v5 router with middleware pipeline β€” auth, rate limiting, CORS, and security headers

🧠

Python ML Engine

FastAPI with scikit-learn for risk scoring, HNDL calculations, and migration planning

πŸ“Š

React Dashboard

React 19 + TypeScript SPA for real-time risk visualization and assessment management

Up and Running in 60 Seconds

One command to deploy the full stack β€” API, ML engine, dashboard, and database

Docker Quick Start
# Clone and start the full stack
$ git clone https://github.com/yazhsab/qbitel-qrap.git && cd qbitel-qrap
$ docker compose -f infra/docker/docker-compose.yml up -d
$ make migrate
# Verify
$ curl http://localhost:8083/health
{"status":"ok","service":"qrap-api"}
:8083
REST API
Go + Chi v5
:8084
ML Engine
Python + FastAPI
:3002
Dashboard
React 19

Try the API

Create an assessment & calculate HNDL risk
# Create an organization
$ curl -X POST localhost:8083/api/v1/organizations \
-H "Content-Type: application/json" \
-d '{"name": "Acme Corp"}'
# Calculate HNDL risk for RSA-2048
$ curl -X POST localhost:8083/api/v1/hndl \
-d '{"algorithm": "RSA-2048", "data_shelf_life_years": 15}'
{"risk_level": "CRITICAL", "years_until_vulnerable": 4}

QRAP vs. Traditional Tools

The only open-source platform purpose-built for quantum cryptographic risk assessment

Feature QRAP Qualys Tenable CryptoSense
Quantum Risk Assessment βœ… ❌ ❌ ⚠️
HNDL Exposure Calculation βœ… ❌ ❌ ❌
Mosca Inequality Analysis βœ… ❌ ❌ ❌
PQC Migration Planning βœ… ❌ ❌ ⚠️
ML-Powered Risk Scoring βœ… βœ… βœ… ❌
FIPS 203/204 Alignment βœ… ❌ ❌ ⚠️
Interactive Dashboard βœ… βœ… βœ… βœ…
REST API βœ… βœ… βœ… βœ…
Open Source βœ… ❌ ❌ ❌
Self-Hosted βœ… ❌ ❌ βœ…
Enterprise Auth (JWT) βœ… βœ… βœ… βœ…
Cost πŸ†“ Free $$$ $$$ $$

Documentation

Everything you need to deploy, develop, and contribute

πŸ—οΈ

Architecture

System design, data flow, and tech decisions

 πŸ“‘

API Reference

Complete REST API with examples

 πŸš€

Deployment Guide

Docker, Kubernetes, and production ops

 πŸ”¨

Development Guide

Local setup, coding standards, debugging

 🀝

Contributing

How to contribute to QRAP

 πŸ”’

Security Policy

Vulnerability reporting and security info

Built in the Open

QRAP is open source under Apache 2.0. Whether you're a cryptographer, Go/Python developer, or security professional β€” there's a place for you here.

1

Fork & Clone

Fork the repo and set up your local environment

2

Make Changes

Pick an issue, create a branch, and write your code

3

Submit PR

Run tests, push, and open a pull request

Read Contributing Guide Browse Open Issues