Dimension scores are derived from public data and fields and weighted into the composite score. For reference only.
Cerebion Rivet is a post-quantum security analysis platform designed to help organizations identify quantum-vulnerable areas in code, certificates, network services, and binaries before quantum computers become capable of practically breaking traditional public-key cryptography such as RSA, ECC, and Diffie-Hellman. It emphasizes a “local by default” approach, supports air-gapped/offline environments, and can map findings to NIST PQC alternatives.
The product offers four types of analyzers. Code analysis supports 35+ languages and uses OpenGrep rules to detect RSA, ECDH, weak hashes, AES-128, deprecated TLS, hardcoded keys, and more. Certificate analysis can inspect X.509 certificates, certificate chains, key algorithms, and expiration dates, while providing a 0–100 quantum risk score. Network analysis scans common TLS ports and automatically reuses the certificate analysis engine. Binary analysis is currently in Beta and supports formats such as PE, ELF, Mach-O, and ZIP/JAR, making it suitable for scenarios where source code is unavailable. On the management side, it provides a unified dashboard, trends, scan history, executive summaries, and exports in multiple formats. CI/CD integrations cover GitHub Actions, GitLab CI, and Jenkins.
Pricing is based on a monthly license subscription, with a 14-day free trial and no credit card required. After the Launch discount, 1, 3, and 10 licenses cost $99.50, $249.50, and $649.50 per month respectively; more than 10 licenses require contacting sales. For professional security teams, the pricing is transparent, though it is still not especially cheap for small development teams. AI-powered remediation and reporting are highlights, but AI code fixes require users to bring their own LLM API key, and the official guidance also notes that fixes should be reviewed before being applied.
Its strengths are broad coverage: it does not only inspect source code, but can also assess certificates, TLS services, and compiled binaries. The offline mode is valuable for high-security environments. Risk scoring, migration urgency indicators, and reporting features also make it easier to communicate findings to management. Limitations include the fact that binary analysis is still in Beta, and the available materials do not disclose SLA details, support channels, company location, or payment methods. The trial is also subject to U.S. export control restrictions.
It is better suited to enterprises that already have security teams and are conducting cryptographic asset inventories, compliance audits, or post-quantum migration roadmap planning. Availability of access, payment, and trial eligibility from mainland China is not specified in the materials, so it should be considered unknown. If access or procurement is restricted, an alternative workflow could be built by combining local SAST, certificate scanning, TLS scanning, and open-source cryptographic rules.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, cerebion.com.
cerebion.com is an Unknown Security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable.