Everything Thuban does.

25 commands. 69 detection rules. 10 languages. Zero dependencies. One CLI that scans, advises, and proves its own results.

25
Commands
69
Detection Rules
10
Languages
0
Dependencies
🔎
1. Scan

Find what’s actually wrong

Security detection across 10 languages. AI hallucination detection. Ghost code, copy-paste drift, and dependency mapping in one pass.

🧠
2. Advise

Know what to fix first

8 Advisor commands turn raw findings into a prioritised roadmap. From a fun teardown (roast) to a board-ready health score (rate).

🔥
3. Prove

Trust the numbers

Published accuracy: precision 1.0, recall 0.31. Zero false positives. SARIF output for CI. A public benchmark repo anyone can re-run.

Supported Languages

JavaScript TypeScript Python Go Rust Java Kotlin PHP Ruby C#

Core Detection Engine

The scanner that runs on every thuban scan .

🔮

AI Hallucination Detection

Find phantom imports, invented APIs, and deprecated patterns that AI coding tools leave behind. Built specifically to catch the failure modes AI creates.

Only in Thuban
🔒

Secret Exposure Scanner

Detect hardcoded API keys, passwords, database connection strings, private keys, high-entropy strings, and secrets exposed in git history.

Only in Thuban
👻

Ghost Code Detection

Find AI-pasted functions that exist but are never called. Dead code inflates your bundle, confuses devs, and hides bugs.

Only in Thuban

Tech Debt Scoring

Clear 0-100 score across Security, Architecture, Code Quality, Dependencies, and Mother Code coverage. Grade A through F.

🤖

AI Risk Score

Per-function risk assessment for AI-generated code. Scores every function 0-100% using 12 signals. Know which code needs human review.

Only in Thuban
📋

Copy-Paste Drift

Find similar code blocks scattered across files. Clusters duplicates and recommends shared utilities.

🔍

Dependency Mapping

Full dependency graph with circular detection, orphan files, critical path analysis. Know what breaks before you change it.

💰

Tech Debt Cost Calculator

Translate tech debt into dollars and hours. Show your CTO what bad code costs per month — and what Thuban saves.

CTO Favourite

Advisor Mode (Pro)

8 commands that turn raw scan data into prioritised, shareable narratives.

roast

A brutally honest teardown of your codebase. Entertainment with teeth — every joke is backed by real scan data.

rate

Straight /100 health score across security, architecture, dependencies, maintainability, and test coverage. Share with your team or your board.

boost

Prioritised fix plan. What to tackle first, what can wait, and what to ignore. The un-roasted version.

risk

Risk assessment with commit velocity analysis. Which areas of the codebase are changing fastest and accumulating the most debt?

trend (Team)

Track health score over time. See if your codebase is improving or deteriorating sprint-over-sprint.

benchmark (Team)

Compare your score against industry averages and Thuban’s public leaderboard.

onboard

Generate a comprehensive onboarding guide for new developers. Architecture overview, sacred files, entry points, gotchas.

compliance

Map your codebase against compliance frameworks. OWASP, SOC 2, ISO 27001 readiness check.

Unique to Thuban

Features you won’t find in any other scanner.

🧬

Mother Code DNA

Inject contextual DNA into every file. Your codebase becomes self-aware — every file knows what it does, what depends on it, and what breaks if it changes.

Only in Thuban
🔥

The Crucible

Thuban attacks its own scanner with 515+ adversarial seed patterns before trusting the results. If detection rate drops below 95%, the scan fails safe.

Self-Verifying
📄

Codebase Passport

One JSON file that describes your entire project — languages, architecture, sacred files, entry points, onboarding guide. New devs productive in minutes.

Onboarding Killer
💡

Drift Detection

Code evolves. Annotations become stale. Thuban detects when files have drifted from their declared purpose and flags the gap.

Codebase Comparison

Compare two codebases side by side — local or remote. Health score, issues, dependencies, DNA coverage, and a verdict with gap analysis.

Only in Thuban
🌐

Scan Any GitHub Repo

Paste any public GitHub URL and Thuban clones, scans, scores, and cleans up automatically. Evaluate any codebase in 30 seconds.

Only in Thuban

Developer Workflow

Fits into your existing workflow without friction.

🔧

Auto-Fix

One command fixes hundreds of issues automatically. Inject annotations, remove debug logs, update deprecated APIs. Dry-run preview before any changes.

👁

Live Sentinel

Watch mode monitors your codebase in real-time. Save a file, get instant feedback. Hallucination check on every keystroke.

🚫

Pre-Commit Gate

Block bad code before it enters your repo. 3-second scan on every commit catches hallucinated APIs instantly.

Only in Thuban
📐

Baseline & Delta Scanning

Snapshot your current issues. Future scans only flag NEW problems. Perfect for CI — don’t fail on legacy debt.

CI Essential
📜

Rule IDs & Suppression

Every detection has a unique rule ID. Suppress false positives with // thuban-ignore HALL_API001.

📈

Visual Dashboard

Beautiful HTML reports you can email to your CTO. Score rings, category breakdowns, fixable items grid. Dark theme. Print-friendly.

Integrations

CLI, IDE, CI/CD, and AI agents.

💻

VS Code Extension

Real-time scanning on save. Issues appear as diagnostics. Quick-fix suggestions via Code Actions. Trust score in the status bar.

GitHub Actions

Drop one file into your repo. Every PR gets a grade comment. Block merges below threshold. Dashboard artifact on every run.

🤖

MCP Server

Plug Thuban into AI agents (Claude, GPT, Cursor, Windsurf). The agent can scan codebases, read reports, and fix issues in-loop.

📄

SARIF Output

Standard SARIF 2.1.0 output for GitHub Code Scanning, Azure DevOps, and any SARIF-compatible dashboard.

Try it now — free, 10 seconds

No account. No API key. No code leaves your machine.

npx thuban scan .

See pricing →  •  Read the blog →  •  vs SonarQube →