Kestrel
Kestrel is a CLI that scans codebases for cryptographic algorithm usage and checks it against compliance frameworks such as FIPS 140-3 and PCI DSS 4.0. It produces actionable findings and standards-based artifacts (SARIF for code-scanning tools and a CycloneDX CBOM, a cryptography bill of materials) so you can enforce crypto policy in CI/CD.
What Kestrel Does
- Detects crypto usage in source code (Go AST + Semgrep)
- Flags compliance violations with clear remediation guidance
- Generates SARIF and CycloneDX CBOM outputs
- Audits existing CBOMs against the same compliance rules
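The detection and SARIF steps above, as an added example that is not Kestrel's own code: a Go program that uses go/ast to find every reference made through a flagged crypto import (resolving aliases, reporting dot and blank imports at the import line, and ignoring a local variable that shadows a package name), then emits a minimal SARIF 2.1.0 log with one result per finding. The rule table, rule IDs, remediation text, tool name and the sample input are constructed for illustration and do not reflect Kestrel's actual rule set or output.

```go
package main

import (
	"encoding/json"
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

// Finding is one flagged use of a cryptographic package at a source location.
type Finding struct {
	File, Package, RuleID, Message, Remediation string
	Line                                        int
}

// rules is an assumed policy table keyed by import path; IDs and wording are hypothetical, not Kestrel's.
var rules = map[string]struct{ ID, Message, Remediation string }{
	"crypto/md5":  {"WEAK-HASH-MD5", "MD5 is not a FIPS 140-3 approved hash", "use crypto/sha256"},
	"crypto/sha1": {"WEAK-HASH-SHA1", "SHA-1 is not approved for digital signatures", "use crypto/sha256"},
	"crypto/des":  {"WEAK-CIPHER-DES", "DES and 3DES are disallowed for encryption", "use crypto/aes with cipher.NewGCM"},
	"crypto/rc4":  {"WEAK-CIPHER-RC4", "RC4 is not an approved cipher", "use crypto/aes with cipher.NewGCM"},
}

// ScanSource parses one Go file and reports every reference made through a flagged import.
func ScanSource(filename, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var findings []Finding
	add := func(pos token.Pos, path string) {
		r, p := rules[path], fset.Position(pos)
		findings = append(findings, Finding{p.Filename, path, r.ID, r.Message, r.Remediation, p.Line})
	}
	local := map[string]string{} // qualifier identifier -> import path, so aliases are resolved
	for _, imp := range f.Imports {
		path, _ := strconv.Unquote(imp.Path.Value)
		if _, flagged := rules[path]; !flagged {
			continue
		}
		name := path[strings.LastIndex(path, "/")+1:]
		if imp.Name != nil {
			name = imp.Name.Name
		}
		if name == "." || name == "_" { // no pkg.Ident selector will exist; report the import line
			add(imp.Pos(), path)
			continue
		}
		local[name] = path
	}
	ast.Inspect(f, func(n ast.Node) bool {
		sel, ok := n.(*ast.SelectorExpr)
		if !ok {
			return true
		}
		// A qualifier that resolves to a local object (var, type, ...) shadows the package name; skip it.
		if id, ok := sel.X.(*ast.Ident); ok && (id.Obj == nil || id.Obj.Kind == ast.Pkg) && local[id.Name] != "" {
			add(id.Pos(), local[id.Name])
		}
		return true
	})
	return findings, nil
}

// ToSARIF renders findings as a minimal SARIF 2.1.0 log: one run, one result per finding.
func ToSARIF(findings []Finding) ([]byte, error) {
	results := []map[string]any{}
	for _, f := range findings {
		loc := map[string]any{"artifactLocation": map[string]any{"uri": f.File}, "region": map[string]any{"startLine": f.Line}}
		results = append(results, map[string]any{"ruleId": f.RuleID, "level": "error",
			"message":   map[string]any{"text": f.Message + "; " + f.Remediation},
			"locations": []map[string]any{{"physicalLocation": loc}}})
	}
	return json.MarshalIndent(map[string]any{"version": "2.1.0", "runs": []map[string]any{{
		"tool": map[string]any{"driver": map[string]any{"name": "crypto-scan-example"}}, "results": results}}}, "", "  ")
}

// sample is a constructed input: md5 (line 8) and the aliased rc4 import (line 10) should be flagged, sha256 should not.
const sample = `package demo

import "crypto/md5"
import "crypto/sha256"
import weak "crypto/rc4"

func hashes(data, key []byte) {
	_ = md5.Sum(data)
	_ = sha256.Sum256(data)
	_, _ = weak.NewCipher(key)
}
`

func main() {
	findings, err := ScanSource("demo.go", sample)
	if err != nil {
		panic(err)
	}
	out, _ := ToSARIF(findings)
	fmt.Println(string(out))
}
```

This pass is purely syntactic: it knows which identifiers are import qualifiers but has no type information, so it cannot tell a hash obtained through an interface (for example a `hash.Hash` chosen at runtime) from one named directly, which is why a real scanner pairs AST matching with pattern rules and, where possible, a type-checked pass. Running it over a tree rather than a string is a matter of feeding `ScanSource` each file from `os.ReadFile`.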
Why It Matters
Crypto compliance failures are easy to miss and costly to remediate late in the release cycle. Kestrel helps you catch weak or deprecated algorithms early, validate CBOMs before release, and integrate results into your security pipeline.