Cryptoscope: Analyzing cryptographic usages in modern software

Abstract

The advent of quantum computing poses a significant challenge as it has the potential to break certain cryptographic algorithms, necessitating a proactive approach to identify and modernize cryptographic code. Identifying these cryptographic elements in existing code is only the first step. It is crucial not only to identify quantum-vulnerable algorithms but also to detect vulnerabilities and incorrect crypto usages, and to prioritize, report, monitor, remediate and modernize code bases. A U.S. government memorandum requires agencies to begin their transition to PQC (Post Quantum Cryptography) by conducting a prioritized inventory of cryptographic systems, including software and hardware systems. In this paper we describe our code scanning tool - Cryptoscope - which leverages cryptographic domain knowledge as well as compiler techniques to statically parse and analyze source code. By analyzing control and data flow, the tool is able to build an extendable and queryable inventory of cryptography. Cryptoscope goes beyond identifying disconnected cryptographic APIs and instead provides the user with an inventory of cryptographic assets, containing comprehensive views of the cryptographic operations implemented. We show that for more than 92% of our test cases, these views include the cryptographic operation itself, APIs, as well as the related material such as keys, nonces, random sources, etc. Lastly, building on top of this inventory, our tool is able to detect and report all the cryptography-related weaknesses and vulnerabilities (11 out of 15) in CamBench, achieving state-of-the-art performance.

Cryptoscope: Analyzing cryptographic usages in modern software - arXiv