Skip to main content
SBOM Workbench includes a cryptography detection feature that identifies the usage of cryptographic algorithms in source code by highlighting cryptography-related keywords. The analysis is performed exclusively on local source code files and does not include external dependencies. The feature helps users quickly locate cryptographic material, understand where it is used, and navigate directly to the relevant sections of code.

Installation

  1. Visit SBOM Workbench releases
  2. Download the installer for your platform:
    • macOS: .dmg file
    • Windows: .exe installer
    • Linux: .AppImage or .deb package
  3. Run the installer

Getting Started

Add or Import Your Project

In the Home tab, click the New project to add a new project from the source code itself, or click on the arrow to display te dropdown menu to add a new project from a WFP file or import an existing project in the state it was exported. sbom-wb-home If you choose the option to add a new project, either from sources or WFP file, you will be taken to the Project settings screen. project-setting Here, you can customize the following things:
  • Project name
  • License
  • API connections
  • Scanner settings
You can provide a context file scanoss.json declaring known components to get the most accurate results.
After you add and configure your project settings, the SBOM Workbench will automatically go through various stages: scanning your project, detecting licenses, analysing for dependencies, searching for vulnerabilties and so on.

Accessing Cryptography Detection Results

SBOM Workbench provides two primary ways to access cryptography detection results:
  • Crypto Search
  • Cryptography Report
Click the Crypto Search button to access a list of all local source code files where cryptography-related keywords have been detected. crypto-search The Crypto Search dashboard provides access to all cryptography detections found in local source code files.

Default Filters

By default, all detected cryptographic algorithms are included in the active filters. These filters represent all algorithms identified across the analyzed source code. The left panel displays a hierarchical tree of source code files. Selecting a file or node in the tree updates the right panel with:
  • The source code of the selected File
  • Detected cryptographic keywords within that file
crypto-search-results File tree navigation with detected cryptographic keywords and corresponding source code displayed on the right panel.

Detection Details

At the top of the right panel, SBOM Workbench displays:
  • The detected keyword
  • The associated algorithm, library, SDK, or protocol
  • The line number(s) where the keyword was detected
Line numbers are clickable and allow direct navigation to the corresponding section of the source code. Detected items are highlighted using contrasting colors. Color schemes may vary between different visualizations. detected components Detected keywords with associated cryptographic material and navigable line numbers highlighted in the source code.

Crypto Report

Click the Report button and navigate to the Cryptography section. This section shows the total number of cryptographic keywords detected in the source code. Selecting this section opens the detailed cryptography report. crypto-report Overview of cryptography detections, showing the total number of keywords identified in the source code.

Statistical Overview

At the top of the report, SBOM Workbench presents statistical charts that summarize cryptographic usage across the entire set of analyzed source code files. These charts provide a high-level view of:
  • The distribution of cryptographic algorithms
  • Overall cryptographic keyword usage
crypto-usage Statistical charts summarizing cryptographic algorithm usage across all analysed source files.

Detection List

The lower section of the report lists cryptographic keyword detections per file, including:
  • The type of identified material (algorithm, library, SDK, or protocol)
  • The name of the detected item
From the detection list in the cryptography report, users can navigate back to the Crypto Search view:
  • Clicking a file path displays all cryptographic detections for that specific file.
  • Clicking an algorithm name displays only the keywords related to that algorithm within the selected file.
This navigation allows users to move seamlessly between high-level reporting and detailed code-level analysis.

Limitations

  • Cryptography detection is based on keyword matching.
  • Only local source code files are analysed.
  • External dependencies are not included in the analysis.
The SBOM Workbench cryptography detection feature enables users to efficiently identify and analyze cryptographic usage within local source code. By combining detailed code navigation with high-level reporting, SBW supports both in-depth technical review and overall cryptographic visibility.