NAAb BOLO scans your codebase for security vulnerabilities, LLM-generated stubs, hallucinated APIs, and incomplete logic — with 50+ checks, 5 profiles, and enterprise-ready reports.
50+ pattern checks designed specifically to catch the mistakes that LLMs and humans make most often.
Catches .push() in Python, print() in JS, json.stringify() instead of json.dumps() — the cross-language mistakes LLMs make constantly.
Detects stub functions, pass-only bodies, validate() that always returns True, NotImplementedError, and fabricated status responses.
SQL injection, hardcoded secrets, shell injection, path traversal, privilege escalation, unsafe deserialization, and data exfiltration.
Catches except:pass, bare raises, vague error messages, degenerate loops, always-true conditions, and swallowed exceptions.
TODO/FIXME placeholders, dead code, debug artifacts, simulation markers, mock data, hardcoded URLs, and apologetic language.
LLM-specific validators: prompt injection detection, model metadata validation, training data leakage checks, and bias pattern scanning.
Zero standalone .py or .cpp files. Everything runs through NAAb, using each language where it shines.
$ naab-lang scan.naab ./src --profile enterprise
NAAb BOLO Scanner [enterprise]
Scanning 47 files in ./src
X src/auth.py:12 [no_secrets] Hardcoded API key detected
X src/db.py:8 [no_sql_injection] String formatting in SQL query
! src/utils.py:45 [stub_function] validate_input() contains only 'pass'
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Files scanned: 47
Files with issues: 3
Total violations: 3
// Each task uses the optimal language
Pattern Matching: C++ — std::regex compiles once, 50+ patterns at native speed
Report Generation: Python — SARIF, HTML, JUnit XML; json.dumps, f-strings, xml.etree
Enforcement Gates: Python — runs pytest, flake8, bandit directly from polyglot blocks
File Discovery: Shell — find is universal, portable
CLI Orchestration: NAAb — profiles, colored output, argument parsing, flow control
From quick security checks to enterprise-grade governance. Pick the level that fits your workflow.
Fast security-only scan. Secrets, SQL injection, and shell injection. Runs in seconds.
Security + code quality. Adds stub detection, incomplete logic, and hallucinated API checks.
Full governance suite. All checks enabled, enforcement gates active, SARIF output for CI/CD.
LLM-specific validation. Oversimplification, hallucinated APIs, prompt injection, training data leakage.
Deep security analysis. Entropy-based secret detection, path traversal, privilege escalation, data exfiltration.
Build your own profile. Enable individual checks, set enforcement levels, define custom rules.
NAAb BOLO is built on the NAAb polyglot language. Every tool in the ecosystem uses the best language for each task.
The polyglot programming language with built-in LLM governance. 12 languages, one file. The foundation everything is built on.
Sovereign data gateway and PII protection. Zero leakage to LLMs and APIs. HIPAA, GDPR, SOC2 compliant.
Automatic code optimization. Rewrite slow code in faster languages with mathematical proof of correctness. 3-60x speedups.
NAAb BOLO is open source, MIT licensed, and ready for your CI/CD pipeline.