Capability · 01
40+ connectors
AWS, Azure, GCP, Kubernetes, Docker registries, GitHub, GitLab, Bitbucket, CT logs, Censys, Shodan, OT/ICS-aware connectors.
What this module does
CBOM Discovery is the system of record for the cryptographic estate. Continuous, agentless discovery across cloud, on-prem, source code, container registries, certificate authorities, code-signing pipelines, and OT/ICS endpoints. Every algorithm, every key, every certificate, every crypto library call, one queryable inventory.
Capabilities
Four operational capabilities.
Capability · 02
Zero production footprint
Agentless discovery, nothing to install on hosts, no agent process to maintain, no performance risk.
Capability · 03
Real-time delta detection
Cryptographic state changes detected within minutes; CT-log enriched for certificate-issuance signals.
Capability · 04
Queryable forever
The CBOM is your permanent system of record. Audit any algorithm, any key, any certificate, any moment.
Technical detail
What evaluators want to know.
Algorithm coverage
TLS, SSH, X.509, code-signing, JWT, container signatures, OT/ICS protocol crypto, embedded device primitives.
Asset metadata
Algorithm, key length, key purpose, certificate authority, validity window, exposure surface, owning service.
Query API
GraphQL and REST APIs for CBOM contents · webhook events for state changes.
Region pinning
All CBOM data region-pinned at write time · Frankfurt, Dublin, Zurich.