by Shubham Kumar: https://pqca.org/blog/2026/pqca-cbomkit-architecture/

From the page
“CBOMkit is a collection of tools built by IBM (now under the Post-Quantum Cryptography Alliance) for generating and managing Cryptographic Bills of Materials (CBOMs).

A CBOM is a structured inventory of the cryptographic assets present in a software system: algorithms, keys, protocols, and their properties. The kit enables organizations to discover what cryptographic mechanisms their code depends on, how they are configured, and whether those configurations meet defined security standards, including readiness for post-quantum cryptography.”