{ "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1, "serialNumber": "urn:uuid:resilq-critical-infra-pilot", "metadata": { "timestamp": "2026-05-08T12:59:35.195512+00:00", "component": { "type": "application", "name": "ResilQ audit model: critical-infra-pilot", "version": "0.1.0-mvp" }, "tools": { "components": [ { "type": "application", "name": "resilq-q", "version": "0.1.0-mvp" } ] } }, "components": [ { "type": "cryptographic-asset", "bom-ref": "crypto:transit:tls", "name": "tls", "version": "unknown", "cryptoProperties": { "assetType": "protocol", "algorithmProperties": { "primitive": "transport-protocol", "family": "tls", "quantumSensitivity": "high" }, "protocolProperties": { "protocol": "tls" } }, "properties": [ { "name": "resilq:layer", "value": "transit" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "TLS handshake KEM/auth typically classical-asymmetric (RSA/ECDHE)" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:transit:ssh", "name": "ssh", "version": "unknown", "cryptoProperties": { "assetType": "protocol", "algorithmProperties": { "primitive": "transport-protocol", "family": "ssh", "quantumSensitivity": "high" }, "protocolProperties": { "protocol": "ssh" } }, "properties": [ { "name": "resilq:layer", "value": "transit" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "SSH key exchange typically Curve25519/ECDH; classical-asymmetric" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:transit:dnssec", "name": "dnssec", "version": "unknown", "cryptoProperties": { "assetType": "protocol", "algorithmProperties": { "primitive": "signature", "family": "dnssec", "quantumSensitivity": "high" }, "protocolProperties": { "protocol": "dnssec" } }, "properties": [ { "name": "resilq:layer", "value": "transit" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "DNSSEC signing chain typically RSA/ECDSA" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:transit:certs", "name": "certs", "version": "unknown", "cryptoProperties": { "assetType": "protocol", "algorithmProperties": { "primitive": "signature", "family": "x509", "quantumSensitivity": "high" }, "protocolProperties": { "protocol": "x509" } }, "properties": [ { "name": "resilq:layer", "value": "transit" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "X.509 PKI; PQC migration planned (FIPS 204/205)" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:transit:http_headers", "name": "http_headers", "version": "unknown", "cryptoProperties": { "assetType": "protocol", "algorithmProperties": { "primitive": "transport-protocol", "family": "http", "quantumSensitivity": "medium" }, "protocolProperties": { "protocol": "http" } }, "properties": [ { "name": "resilq:layer", "value": "transit" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "Header crypto coverage (HSTS, Expect-CT) is metadata-level" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:use:openssl", "name": "openssl", "version": "unknown", "cryptoProperties": { "assetType": "library", "algorithmProperties": { "primitive": "library", "family": "openssl", "quantumSensitivity": "high" } }, "properties": [ { "name": "resilq:layer", "value": "use" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "Library inventory only — actual algorithms determined at runtime" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:use:jwt", "name": "jwt", "version": "unknown", "cryptoProperties": { "assetType": "library", "algorithmProperties": { "primitive": "signature", "family": "jose", "quantumSensitivity": "high" } }, "properties": [ { "name": "resilq:layer", "value": "use" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "JWT/JOSE typically RSA/ECDSA; HS256 is symmetric medium" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:use:hsm", "name": "hsm", "version": "unknown", "cryptoProperties": { "assetType": "library", "algorithmProperties": { "primitive": "key-storage", "family": "hsm", "quantumSensitivity": "high" } }, "properties": [ { "name": "resilq:layer", "value": "use" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "Wrapped keys assumed classical-asymmetric until profile says otherwise" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:use:runtime", "name": "runtime", "version": "unknown", "cryptoProperties": { "assetType": "library", "algorithmProperties": { "primitive": "library", "family": "runtime", "quantumSensitivity": "medium" } }, "properties": [ { "name": "resilq:layer", "value": "use" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "Generic runtime inventory bucket" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:rest:luks", "name": "luks", "version": "unknown", "cryptoProperties": { "assetType": "data-at-rest", "algorithmProperties": { "primitive": "block-cipher", "family": "aes", "quantumSensitivity": "low" } }, "properties": [ { "name": "resilq:layer", "value": "rest" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "LUKS uses AES-XTS; Grover halves brute-force margin" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:rest:tde", "name": "tde", "version": "unknown", "cryptoProperties": { "assetType": "data-at-rest", "algorithmProperties": { "primitive": "block-cipher", "family": "aes", "quantumSensitivity": "low" } }, "properties": [ { "name": "resilq:layer", "value": "rest" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "Transparent DB encryption with AES family" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:rest:backups", "name": "backups", "version": "unknown", "cryptoProperties": { "assetType": "data-at-rest", "algorithmProperties": { "primitive": "block-cipher", "family": "aes", "quantumSensitivity": "low" } }, "properties": [ { "name": "resilq:layer", "value": "rest" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "Backup-at-rest typically AES-256-GCM" } ] }, { "type": "cryptographic-asset", "bom-ref": "crypto:rest:kms", "name": "kms", "version": "unknown", "cryptoProperties": { "assetType": "data-at-rest", "algorithmProperties": { "primitive": "key-storage", "family": "kms", "quantumSensitivity": "high" } }, "properties": [ { "name": "resilq:layer", "value": "rest" }, { "name": "resilq:qars-classifier", "value": "pending" }, { "name": "resilq:notes", "value": "Cloud KMS envelope keys typically RSA/ECC" } ] } ], "properties": [ { "name": "resilq:cbom-profile", "value": "cyclonedx_1_6" }, { "name": "resilq:evidence-signed", "value": "true" } ] }