Guide to identifying, analysing, and managing cryptographic algorithms in your source code using SBOM Workbench.
SBOM Workbench includes a cryptography detection feature that identifies the usage of cryptographic algorithms in source code by highlighting cryptography-related keywords. The analysis is performed exclusively on local source code files and does not include external dependencies. The feature helps users quickly locate cryptographic material, understand where it is used, and navigate directly to the relevant sections of code.
In the Home tab, click New project to add a new project from the source code itself, or click the arrow to display the dropdown menu to add a new project from a WFP file or import an existing project in the state it was exported. If you choose the option to add a new project, either from sources or from a WFP file, you will be taken to the Project settings screen. Here, you can customize the following:
Project name
License
API connections
Scanner settings
You can provide a context file, scanoss.json, that declares known components to get the most accurate results.
After you add and configure your project settings, SBOM Workbench will automatically go through various stages: scanning your project, detecting licenses, analysing dependencies, searching for vulnerabilities, and so on.
Click the Crypto Search button to access a list of all local source code files where cryptography-related keywords have been detected.
The Crypto Search dashboard provides access to all cryptography detections found in local source code files.
By default, all detected cryptographic algorithms are included in the active filters. These filters represent all algorithms identified across the analyzed source code.
At the top of the right panel, SBOM Workbench displays:
The detected keyword
The associated algorithm, library, SDK, or protocol
The line number(s) where the keyword was detected
Line numbers are clickable and allow direct navigation to the corresponding section of the source code.
Detected items are highlighted using contrasting colors. Color schemes may vary between different visualizations.
Detected keywords with associated cryptographic material and navigable line numbers highlighted in the source code.
Click the Report button and navigate to the Cryptography section. This section shows the total number of cryptographic keywords detected in the source code.
Selecting this section opens the detailed cryptography report.
Overview of cryptography detections, showing the total number of keywords identified in the source code.
At the top of the report, SBOM Workbench presents statistical charts that summarize cryptographic usage across the entire set of analyzed source code files. These charts provide a high-level view of:
The distribution of cryptographic algorithms
Overall cryptographic keyword usage
Statistical charts summarizing cryptographic algorithm usage across all analysed source files.
Cryptography detection is based on keyword matching.
Only local source code files are analysed.
External dependencies are not included in the analysis.
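What these limitations mean for a reviewer, shown with a minimal keyword matcher added here as an example (it is not SBOM Workbench's code or rule set): the constructed sample yields a hit inside a comment and no hit where the cipher is chosen inside a dependency. The keyword table, file names and the `vendor_crypto` module are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed keyword table: token -> algorithm label (an assumption, not the tool's rules).
KEYWORDS = {"md5": "MD5", "sha1": "SHA-1", "sha256": "SHA-256",
            "aes": "AES", "des": "DES", "rsa": "RSA"}
TOKEN = re.compile(r"[A-Za-z0-9]+")  # identifiers split on '_', '.', '(' and so on

# Constructed local source files (path -> contents).
SAMPLE = {
    "auth/token.py": "import hashlib\n"
                     "# legacy: md5 kept only for cache keys\n"
                     "def digest(data):\n"
                     "    return hashlib.md5(data).hexdigest()\n",
    "net/tls.c": "#include <openssl/evp.h>\n"
                 "const EVP_CIPHER *c = EVP_aes_256_cbc();\n",
    # The cipher is selected inside the (hypothetical) dependency: no keyword here.
    "util/wrap.py": "from vendor_crypto import seal\n"
                    "def protect(blob):\n"
                    "    return seal(blob)\n",
}

def scan(files):
    """Return one finding per (file, keyword) with the line numbers that matched."""
    hits = defaultdict(list)
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for token in TOKEN.findall(line):
                key = token.lower()
                # Record each line once, even if the keyword repeats on it.
                if key in KEYWORDS and lineno not in hits[(path, key)]:
                    hits[(path, key)].append(lineno)
    return [{"file": p, "keyword": k, "algorithm": KEYWORDS[k], "lines": ln}
            for (p, k), ln in sorted(hits.items())]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Line 2 of `auth/token.py` is a comment, so a keyword hit marks a place to review rather than confirmed usage, and `util/wrap.py` shows that a file with no hits can still perform cryptography through a dependency.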
The SBOM Workbench cryptography detection feature enables users to efficiently identify and analyze cryptographic usage within local source code. By combining detailed code navigation with high-level reporting, SBW supports both in-depth technical review and overall cryptographic visibility.