Add QuantumScan to Testing section #135

Open
gaiabio12-design wants to merge 1 commit into devsecops:master from gaiabio12-design:add-quantumscan

@gaiabio12-design

Adding QuantumScan to the ## Testing section, listed alphabetically between PureSec and RetireJS.

QuantumScan is a free post-quantum cryptography scanner for GitHub repositories. It complements other security scanners listed here (Snyk, Checkov, ShiftLeft Scan) by focusing specifically on the cryptographic-asset inventory that DORA (EU 2022/2554) now requires from financial entities and NIS2 mandates for essential/important entities across 18 sectors.

Key features:

  • CycloneDX 1.7 CBOM export (cryptographic-asset inventory format recommended by CISA)
  • DORA / NIS2 compliance PDF with mapped Article-level findings
  • AI-generated migration guides per finding pointing to NIST FIPS 203/204/205 (ML-KEM, ML-DSA, SLH-DSA)
  • Slack drift alerts when new vulnerable algorithms appear between scans
  • Privacy-first: scanner-core is MIT-licensed at https://github.com/quantumscan-io/scanner-core

The hosted version is free during the design partner phase. Fits the DevSecOps testing workflow as a static analysis step that maps directly to current regulatory frameworks (DORA active since Jan 2025).

Following the alphabetical convention of the section.
