25 commands. 69 detection rules. 10 languages. Zero dependencies. One CLI that scans, advises, and proves its own results.
Security detection across 10 languages. AI hallucination detection. Ghost code, copy-paste drift, and dependency mapping in one pass.
8 Advisor commands turn raw findings into a prioritised roadmap. From a fun teardown (roast) to a board-ready health score (rate).
Published accuracy: precision 1.0, recall 0.31. Zero false positives. SARIF output for CI. A public benchmark repo anyone can re-run.
The scanner that runs on every thuban scan .
Find phantom imports, invented APIs, and deprecated patterns that AI coding tools leave behind. Built specifically to catch the failure modes AI creates.
Only in ThubanDetect hardcoded API keys, passwords, database connection strings, private keys, high-entropy strings, and secrets exposed in git history.
Only in ThubanFind AI-pasted functions that exist but are never called. Dead code inflates your bundle, confuses devs, and hides bugs.
Only in ThubanClear 0-100 score across Security, Architecture, Code Quality, Dependencies, and Mother Code coverage. Grade A through F.
Per-function risk assessment for AI-generated code. Scores every function 0-100% using 12 signals. Know which code needs human review.
Only in ThubanFind similar code blocks scattered across files. Clusters duplicates and recommends shared utilities.
Full dependency graph with circular detection, orphan files, critical path analysis. Know what breaks before you change it.
Translate tech debt into dollars and hours. Show your CTO what bad code costs per month — and what Thuban saves.
CTO Favourite8 commands that turn raw scan data into prioritised, shareable narratives.
roastA brutally honest teardown of your codebase. Entertainment with teeth — every joke is backed by real scan data.
rateStraight /100 health score across security, architecture, dependencies, maintainability, and test coverage. Share with your team or your board.
boostPrioritised fix plan. What to tackle first, what can wait, and what to ignore. The un-roasted version.
riskRisk assessment with commit velocity analysis. Which areas of the codebase are changing fastest and accumulating the most debt?
trend (Team)Track health score over time. See if your codebase is improving or deteriorating sprint-over-sprint.
benchmark (Team)Compare your score against industry averages and Thuban’s public leaderboard.
onboardGenerate a comprehensive onboarding guide for new developers. Architecture overview, sacred files, entry points, gotchas.
complianceMap your codebase against compliance frameworks. OWASP, SOC 2, ISO 27001 readiness check.
Features you won’t find in any other scanner.
Inject contextual DNA into every file. Your codebase becomes self-aware — every file knows what it does, what depends on it, and what breaks if it changes.
Only in ThubanThuban attacks its own scanner with 515+ adversarial seed patterns before trusting the results. If detection rate drops below 95%, the scan fails safe.
Self-VerifyingOne JSON file that describes your entire project — languages, architecture, sacred files, entry points, onboarding guide. New devs productive in minutes.
Onboarding KillerCode evolves. Annotations become stale. Thuban detects when files have drifted from their declared purpose and flags the gap.
Compare two codebases side by side — local or remote. Health score, issues, dependencies, DNA coverage, and a verdict with gap analysis.
Only in ThubanPaste any public GitHub URL and Thuban clones, scans, scores, and cleans up automatically. Evaluate any codebase in 30 seconds.
Only in ThubanFits into your existing workflow without friction.
One command fixes hundreds of issues automatically. Inject annotations, remove debug logs, update deprecated APIs. Dry-run preview before any changes.
Watch mode monitors your codebase in real-time. Save a file, get instant feedback. Hallucination check on every keystroke.
Block bad code before it enters your repo. 3-second scan on every commit catches hallucinated APIs instantly.
Only in ThubanSnapshot your current issues. Future scans only flag NEW problems. Perfect for CI — don’t fail on legacy debt.
CI EssentialEvery detection has a unique rule ID. Suppress false positives with // thuban-ignore HALL_API001.
Beautiful HTML reports you can email to your CTO. Score rings, category breakdowns, fixable items grid. Dark theme. Print-friendly.
CLI, IDE, CI/CD, and AI agents.
Real-time scanning on save. Issues appear as diagnostics. Quick-fix suggestions via Code Actions. Trust score in the status bar.
Drop one file into your repo. Every PR gets a grade comment. Block merges below threshold. Dashboard artifact on every run.
Plug Thuban into AI agents (Claude, GPT, Cursor, Windsurf). The agent can scan codebases, read reports, and fix issues in-loop.
Standard SARIF 2.1.0 output for GitHub Code Scanning, Azure DevOps, and any SARIF-compatible dashboard.
No account. No API key. No code leaves your machine.
npx thuban scan .