A SonarQube plugin that performs static analysis to identify cryptographic components in source code and generate a Cryptography Bill of Materials (CBOM).
stars: 59
forks: 19
The project addresses the emerging regulatory and security need for a Cryptography Bill of Materials (CBOM), specifically as an inventory for post-quantum migration planning. The technical implementation relies on standard static-analysis patterns within the SonarQube ecosystem (rules that match cryptographic API calls and record what algorithm, mode and key material they use); its specific focus on CBOM standards (the CycloneDX cryptographic-asset extension) is what gives it niche utility. Defensibility is limited: established SCA (Software Composition Analysis) vendors, or SonarSource itself, could integrate equivalent rules without much effort.
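To make concrete what "static analysis that produces a CBOM" means, here is an added, self-contained example that is not the plugin's code (the plugin is a Java SonarQube extension; this is a Python sketch of the same idea). It pattern-matches a few crypto API shapes in constructed sample files, classifies each hit against a tiny algorithm knowledge base, and emits a CycloneDX-shaped CBOM with one `cryptographic-asset` component per distinct algorithm configuration plus evidence of every occurrence. The CycloneDX 1.6 field names (`cryptoProperties`, `assetType`, `algorithmProperties`, `primitive`, `mode`, `padding`) are reproduced from memory and should be checked against the schema; the `cbom:*` properties, the `flagged` helper and the sample paths are this example's own inventions.

```python
"""Illustrative pattern-based CBOM generator (added example, not the plugin's code).

Scans source text for well-known crypto API calls, classifies each hit against
a small algorithm knowledge base, and emits a CycloneDX-shaped CBOM with one
'cryptographic-asset' component per distinct algorithm configuration plus
evidence of every occurrence. CycloneDX 1.6 field names are reproduced from
memory (check against the schema); the 'cbom:*' properties are this example's own.
"""
import json
import re

# Constructed sample inputs standing in for the files a scanner would read.
SAMPLE_FILES = {
    "src/main/java/Crypto.java": """
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
    """,
    "tools/hasher.py": """
        import hashlib
        digest = hashlib.md5(data).hexdigest()
    """,
}

# Small knowledge base: primitive per the CycloneDX vocabulary, plus the two
# flags a post-quantum migration inventory cares about (Shor breaks RSA/EC;
# symmetric primitives only lose Grover's square-root factor).
ALGORITHMS = {
    "AES":     {"primitive": "block-cipher", "quantum_vulnerable": False, "deprecated": False},
    "RSA":     {"primitive": "pke",          "quantum_vulnerable": True,  "deprecated": False},
    "EC":      {"primitive": "signature",    "quantum_vulnerable": True,  "deprecated": False},
    "MD5":     {"primitive": "hash",         "quantum_vulnerable": False, "deprecated": True},
    "SHA-1":   {"primitive": "hash",         "quantum_vulnerable": False, "deprecated": True},
    "SHA-256": {"primitive": "hash",         "quantum_vulnerable": False, "deprecated": False},
}
PY_HASH_NAMES = {"md5": "MD5", "sha1": "SHA-1", "sha256": "SHA-256"}

# Detection rules, one regex per API shape. Group 'alg' is the algorithm name;
# 'mode' and 'pad' are the optional Java transformation parts.
RULES = [
    re.compile(r'Cipher\.getInstance\("(?P<alg>[A-Za-z0-9_-]+)(?:/(?P<mode>[A-Za-z0-9]+))?(?:/(?P<pad>[A-Za-z0-9]+))?"\)'),
    re.compile(r'(?:MessageDigest|KeyPairGenerator|Signature)\.getInstance\("(?P<alg>[A-Za-z0-9_-]+)"\)'),
    re.compile(r'hashlib\.(?P<alg>md5|sha1|sha256)\('),
]


def find_assets(path, text):
    """Yield one record per crypto API call found in `text`, with its line number."""
    for rule in RULES:
        for m in rule.finditer(text):
            groups = m.groupdict()
            yield {
                "name": PY_HASH_NAMES.get(groups["alg"], groups["alg"]),
                "mode": (groups.get("mode") or "").lower() or None,
                "padding": (groups.get("pad") or "").lower().replace("padding", "") or None,
                "location": path,
                "line": text.count("\n", 0, m.start()) + 1,
            }


def build_cbom(files):
    """Merge findings into a CycloneDX-shaped CBOM, one component per configuration.

    Unknown algorithms are kept with primitive 'unknown' rather than dropped: an
    inventory that silently omits what it cannot classify is worse than useless.
    """
    components = {}
    for path, text in files.items():
        for hit in find_assets(path, text):
            key = (hit["name"], hit["mode"], hit["padding"])
            if key not in components:
                info = ALGORITHMS.get(hit["name"], {"primitive": "unknown",
                                                    "quantum_vulnerable": False, "deprecated": False})
                props = {"primitive": info["primitive"]}
                if hit["mode"]:
                    props["mode"] = hit["mode"]
                if hit["padding"]:
                    props["padding"] = hit["padding"]
                label = "-".join(p for p in key if p)
                components[key] = {
                    "type": "cryptographic-asset",
                    "name": label,
                    "bom-ref": "crypto/algorithm/" + label.lower(),
                    "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": props},
                    "evidence": {"occurrences": []},
                    "properties": [  # example's own property names, not CycloneDX-defined
                        {"name": "cbom:quantum-vulnerable", "value": str(info["quantum_vulnerable"]).lower()},
                        {"name": "cbom:deprecated", "value": str(info["deprecated"]).lower()},
                    ],
                }
            components[key]["evidence"]["occurrences"].append(
                {"location": hit["location"], "line": hit["line"]})
    return {"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
            "components": list(components.values())}


def flagged(cbom, prop):
    """Sorted names of components whose `prop` property is 'true' (migration candidates)."""
    return sorted(c["name"] for c in cbom["components"]
                  if any(p["name"] == prop and p["value"] == "true" for p in c["properties"]))


if __name__ == "__main__":
    bom = build_cbom(SAMPLE_FILES)
    print(json.dumps(bom, indent=2))
    print("quantum-vulnerable:", flagged(bom, "cbom:quantum-vulnerable"))
    print("deprecated:", flagged(bom, "cbom:deprecated"))
```

The regex approach is where such a tool is weakest: it sees `Cipher.getInstance("AES/CBC/PKCS5Padding")` but not a transformation string built at runtime, and it cannot tell that `kpg.initialize(2048)` belongs to the `RSA` generator without data-flow tracking. A real plugin rides the analyzer's AST and symbol resolution for exactly that reason; the output shape (asset per configuration, occurrences as evidence, per-asset migration flags) is what stays the same.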
INTEGRATION: library_import