// NON-LLM CODE INTELLIGENCE

Twelve scanners.
One binary.
Zero code leaves
your machine.

Unslop finds bugs, vulnerabilities, leaked secrets, code rot, and broken UX — offline, with no model in the detection path. Pure Rust. Zero C dependencies. Air-gap safe by design.

12engines, one CLI
472tests passing
~1kfiles / sec scan
0C dependencies
mxcs@range:~/project OFFLINE

    

// CAPABILITIES

One command. Every layer of slop.

Each subcommand replaces a category of tool. Together they are the hygiene layer your codebase never had — all in a single static binary.

// WHY IT'S BUILT THIS WAY

Three things the cloud scanners can't say.

01

Offline-first

Ingestion, scanning, and every test run against local data. A metered or air-gapped network is never touched. Live fetching is an opt-in feature, not a requirement.

$ unslop scan . # no sockets opened
02

No LLM in the path

Detection is deterministic: HMAC blind-index, MinHash/LSH clone matching, feature-hash kNN, and a CWE-tagged rule engine. Same input, same output — no tokens, no latency, no leakage.

exact · clone · knn · pattern
03

Two-plane encryption

Matching runs on a non-reversible feature plane. Source, provenance, and raw code live in a sealed plane a detection node literally cannot read. Research data that slips into prod leaks nothing.

pepper → match  ·  kek → reveal

// PRICING

Free where it spreads. Paid where it scales.

The CLI is free forever on your machine. Teams pay for the dashboard, CI enforcement, and the encrypted corpus feed. Regulated shops pay to run the whole thing air-gapped.

Free
$0forever

The full CLI, local, single dev. Free for public repos, always.

  • All 12 engines, local scans
  • text / JSON / SARIF output
  • Auto-fix to .unslop.updated
  • Community support
Download
Pro
$12/dev / mo

For solo devs and freelancers who want it in their workflow.

  • Everything in Free
  • Private-repo GitHub App (3 repos)
  • IDE extension Pro
  • --render browser UX engine
  • Findings history
Start Pro
Enterprise
On-premannual license

Run it air-gapped. The tier the cloud scanners can't serve.

  • Self-hosted, fully offline
  • Encrypted two-plane store
  • Updated corpus feed
  • SSO/SAML, audit logs, SLA
  • Custom connectors
Book a demo

// AIR-GAPPED DEPLOYMENT

For the codebases that legally can't touch a cloud.

Fintech, health, defense, critical infra. Unslop runs entirely inside your perimeter — license verification is a signed file checked locally, never a phone-home. No source leaves the building. No model sees your code.

  • Offline signed-license activation (Ed25519, verified in-binary)
  • Source-blind detection nodes (pepper without KEK)
  • Ships as one binary — no Postgres, no native TLS toolchain
  • SARIF everywhere for your existing security pipeline
[ Book an on-prem demo ]
unslop.license.json ● verified locally
"tier": "enterprise",
"licensee": "ACME Federal",
"seats": 250,
"features": ["corpus-feed", "onprem"],
"expires": 1798761600,
"signature": "ed25519:9f2a…c17b"

// GET STARTED

One line. Then scan.

brew install unslop
$ unslop scan .            # match code against the KB
$ unslop secrets .         # hunt leaked credentials + PII
$ unslop quality src/      # code-health + 0–100 score
$ unslop frontend . --render   # real rendered UX audit