L2Inventory — Layer 2 of the platform
Cryptographic Asset Discovery
Find every certificate, key, algorithm, and protocol in your estate. Tag what is quantum-vulnerable. Aggregate by system, by data classification, by source. Without the inventory, no migration plan stands up to scrutiny.
Network scanCloud APIs (AWS / GCP / Azure)Host agentCSV / JSON uploadCode scan
Sample artefact
Total assets
412
% HIGH risk
37.4%
% SAFE
12.1%
| System | Algorithm | Risk |
|---|---|---|
| payments | RSA-2048 | HIGH |
| edge-api | X25519MLKEM768 | SAFE |
| data-warehouse | AES-128 | MEDIUM |
| admin | ECDSA-P256 | HIGH |
Who it's for
- Security teams who need a live inventory, not a one-shot audit
- Architects scoping which systems to migrate first
- Compliance / GRC functions answering "where are our weak primitives?"
- Anyone whose CMDB has nothing under "cryptographic algorithm"
What you get
- Unified asset catalogue across cloud, on-prem, and code
- Algorithm → quantum-risk classifier (HIGH / MEDIUM / LOW / SAFE)
- Heatmap by risk, type, source, system
- Per-system dossier (every key, every cert, every protocol)
- API + dashboard, multi-tenant out of the gate
How it works
Step 1
Ingest from anywhere
TLS scanner reports, AWS ACM / GCP CM / Azure KV APIs, lightweight host agent, code scan via ripgrep + AST sweep, and bulk CSV/JSON upload.
Step 2
Classify automatically
Every algorithm — by name or OID — is mapped to a quantum-risk band. Composite signatures and hybrid KEMs are auto-promoted to SAFE.
Step 3
Aggregate and dispatch
Heatmaps, per-system dossiers, and API queries feed Layer 3 (Migration) so prioritisation runs on the same numbers your team can audit.