RQRelix-Q

Open-source post-quantum readiness

Know where your cryptography will break.

Relix-Q finds quantum-vulnerable cryptography across code, dependencies, TLS, and certificates, then turns the inventory into a prioritized migration plan your engineering team can act on.

Download the scannerView on GitHub

Apache-2.0. Runs locally. No account needed. No source-code telemetry.

relixq · one-minute tour
31
programming languages
725+
detection rules
47
rule packs
4
scan surfaces

The readiness gap

Migration starts with evidence, not a spreadsheet guess.

Harvest-now-decrypt-later attacks make long-lived encrypted data a present-day concern. NIST has standardized post-quantum replacements, but most teams still cannot answer the first migration question: where is classical cryptography used?

Read the technical overview
01

RSA / ECC / DH

Quantum-broken public-key cryptography

02

TLS / SSH / JWT

Protocol and configuration risk

03

MD5 / SHA-1 / DES

Cryptography already broken today

04

Keys / certificates

Committed material and classical signatures

One focused platform

From unknown exposure to a defensible migration backlog.

Discover

Build a complete crypto inventory

Scan source code, package manifests, TLS endpoints, certificates, infrastructure configuration, and hand-rolled implementations.

Prioritize

Separate urgent risk from background noise

Classify findings as quantum-broken, quantum-weakened, or broken today, then rank them with risk and crypto-agility scores.

Operationalize

Turn readiness into an engineering workflow

Export JSON, SARIF, Markdown, and HTML. Gate pull requests on new findings while preserving an explicit, reviewable baseline.

Control

Keep sensitive code in your environment

Run the scanner locally or self-host the full stack. Relix-Q OSS does not send source code or scan findings to a SaaS backend.

Five-minute evaluation

Useful before the first meeting ends.

Download one release, scan a repository, and produce machine-readable evidence without uploading code or building a custom toolchain.

  1. 1

    Download

    Choose a prebuilt binary, package, or container image.

  2. 2

    Scan

    Point Relix-Q at a repository, dependency manifest, or TLS endpoint.

  3. 3

    Review

    Inspect the risk score, exact file locations, and migration guidance.

  4. 4

    Gate

    Add SARIF and baseline-aware checks to the pull-request workflow.

Get the scanner

Download Relix-Q.

Tell us who you are and get the Windows installer, release packages, and the GitHub repository. No account, no workspace — the scanner runs entirely on your machine.

No account, no password. We only use this to share releases and PQC guidance.

Stay current

Follow the migration, not the hype.

Get release notes, new language coverage, validation results, and practical guidance for building a post-quantum inventory.

Occasional product updates. No source code or scan data is collected.

OPEN SOURCE, OPEN EVIDENCE

Detection rules, the validation corpus, release artifacts, and implementation are reviewable in the public repository.

Explore the repository