Overview

Bugs slip through reviews and automated testing misses edge cases. Zenable provides AI-powered analysis that identifies subtle bugs and suggests fixes before production, resulting in fewer production incidents.

Out-of-the-Box Bug Detection

Zenable automatically identifies these common bug patterns:

Standard Bug Detection

  • Race Conditions - Unsafe concurrent access, thread safety issues
  • Null/Undefined - Missing null checks, potential NPEs
  • Resource Leaks - Unclosed files, database connections, memory leaks
  • Logic Errors - Off-by-one errors, incorrect conditionals
  • Type Mismatches - Implicit conversions, type confusion
  • Edge Cases - Boundary conditions, empty collections

Custom Bug Detection Rules

Define your organization’s specific bug patterns:
“All database operations must use our retry wrapper, all API calls must include correlation IDs, all monetary calculations must use our Money class with 4 decimal precision, and all user inputs must be sanitized with our custom sanitizer.”

In Action

# Comprehensive bug scan with both standard and custom checks
uvx zenable-mcp check '**/*.{py,js,ts,go}'

# Focus on critical code paths, excluding test files
uvx zenable-mcp check 'src/api/**/*' 'src/payments/**/*' \
  --exclude '**/test_*.py' \
  --exclude '**/*.test.{js,ts}' \
  --exclude '**/*_test.go'

Custom Bug Examples

Example: Business Logic Validation

Your Policy: “All financial calculations must account for currency conversion and rounding rules” 
# ❌ Common bug: incorrect money handling
def calculate_total(items):
    return sum(item.price for item in items)

# ✅ Zenable enforces your money handling rules
def calculate_total(items):
    total = Money(0, currency="USD")
    for item in items:
        converted = currency_service.convert(
            item.price,
            from_currency=item.currency,
            to_currency="USD",
            rate_date=datetime.now()
        )
        total = total.add(converted, rounding=ROUND_HALF_EVEN)
    return total

Example: API Contract Enforcement

Your Policy: “All API responses must include request ID, timestamp, and rate limit headers” 
// ❌ Missing required response structure
app.get('/api/users', async (req, res) => {
    const users = await db.getUsers();
    res.json(users);
});

// ✅ Zenable enforces API contract
app.get('/api/users', async (req, res) => {
    const users = await db.getUsers();
    res.set({
        'X-Request-ID': req.id,
        'X-Timestamp': Date.now(),
        'X-RateLimit-Remaining': req.rateLimit.remaining
    });
    res.json({
        data: users,
        meta: {
            request_id: req.id,
            timestamp: Date.now(),
            count: users.length
        }
    });
});

Example: Data Consistency Rules

Your Policy: “All database writes must use transactions with retry logic and audit logging” 
# ❌ Bug: no transaction or retry
def update_user_balance(user_id, amount):
    user = get_user(user_id)
    user.balance += amount
    save_user(user)

# ✅ Zenable enforces consistency requirements
@with_retry(max_attempts=3, backoff=exponential)
@with_transaction
@audit_log
def update_user_balance(user_id, amount, reason):
    with db.transaction() as tx:
        user = tx.query(User).with_for_update().get(user_id)
        old_balance = user.balance
        user.balance += amount

        tx.add(BalanceHistory(
            user_id=user_id,
            old_balance=old_balance,
            new_balance=user.balance,
            change_amount=amount,
            reason=reason
        ))

        tx.commit()

Benefits

  • Fewer Production Incidents - Catch bugs before they reach users
  • Custom Rule Enforcement - Ensure your specific patterns are followed
  • Reduced Debugging Time - Find root causes faster
  • Improved Code Quality - Systematic bug prevention