Installation Guide
Get started with BCBob
Five steps to go from vulnerable vibe-coded prototype to production-ready software.
Prerequisites
Requirements
Runtime: Python 3.11+
Patch management: Git (latest)
01
Download & Install BCB
Download the BCBob CLI tool and install it with pip.
Download BCBob CLI (.zip)
After downloading, run:
    unzip bcb-latest.zip
    cd bcb
    python3 -m pip install -e .
Expected output: Successfully installed bcb-0.1.0
02
Set Up API Key
Configure your IBM Bob API credentials as environment variables.
macOS / Linux
    export BOB_API_KEY="your-api-key-here"
Windows PowerShell
    $env:BOB_API_KEY = "your-api-key-here"
03
Scan Your Codebase
Run an initial report-only scan to identify vulnerabilities without making changes.
Report Only (recommended first)
    python3 run_bcb.py scan /path/to/project --report-only
Scan & Auto-Fix
    python3 run_bcb.py scan /path/to/project
Critical & High Only
    python3 run_bcb.py scan /path/to/project --severity critical --severity high
04
Review & Fix
Review the generated report and let BCBob auto-fix issues iteratively.
Auto-Fix with Iterations
    python3 run_bcb.py scan /path/to/project --max-iterations 5

    # This will:
    # 1. Discover vulnerabilities
    # 2. Verify with IBM Bob LLM
    # 3. Cluster into root causes
    # 4. Generate & apply patches
    # 5. Re-scan until clean
05
Verify & Ship
Run a final verification scan and commit your secured codebase.
Verify
    python3 run_bcb.py verify /path/to/project
Commit
    git add .
    git commit -m "Security fixes from BCB scan"
Target: Production readiness ✅ READY
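A pre-flight wrapper for the five steps above, as an added example that is not part of BCBob or of this guide's own code: it checks the step 02 key, the Python 3.11+ prerequisite and a clean Git work tree before the auto-fix scan, so the applied patches can be reviewed with git diff before the step 05 commit. The function names, the return codes and running it from the bcb directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before a BCBob auto-fix scan.
# Function names and return codes are hypothetical, not part of BCBob.

# True when a dotted version such as "3.11.4" is at least 3.11.
# Compared numerically: as strings, "3.9" would sort above "3.11".
version_ok() {
  local major minor
  major=${1%%.*}
  minor=${1#*.}; minor=${minor%%.*}
  case "$major" in ''|*[!0-9]*) return 1 ;; esac
  case "$minor" in ''|*[!0-9]*) return 1 ;; esac
  [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 11 ]; }
}

# preflight <project-dir>
# Returns 0 = ok, 2 = API key problem, 3 = Python too old, 4 = Git state.
preflight() {
  local dir pyver
  dir=$1
  # Step 02: the key must be set and must not be the guide's placeholder.
  if [ -z "${BOB_API_KEY:-}" ] || [ "$BOB_API_KEY" = "your-api-key-here" ]; then
    echo "BOB_API_KEY is unset or still the placeholder" >&2; return 2
  fi
  # Prerequisite: Python 3.11+.
  pyver=$(python3 -c 'import platform; print(platform.python_version())' 2>/dev/null) || pyver=""
  version_ok "$pyver" || { echo "Python 3.11+ required, found '${pyver:-none}'" >&2; return 3; }
  # Auto-fix rewrites files, so require a Git work tree with nothing
  # uncommitted: every applied patch then shows up in `git diff`.
  git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 \
    || { echo "$dir is not a Git work tree" >&2; return 4; }
  [ -z "$(git -C "$dir" status --porcelain 2>/dev/null)" ] \
    || { echo "uncommitted changes in $dir: commit or stash first" >&2; return 4; }
}

# When given a project path (assumed: run from the bcb directory), gate the
# guide's auto-fix scan on the checks, then list what the tool changed.
if [ -n "${1:-}" ]; then
  preflight "$1" || exit $?
  python3 run_bcb.py scan "$1"
  git -C "$1" diff --stat
fi
```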
Reference
CLI Commands
01
Full scan with auto-fix
    python3 run_bcb.py scan <path>
02
Generate report, no changes
    python3 run_bcb.py scan <path> --report-only
03
Preview fixes without applying
    python3 run_bcb.py fix <path> --dry-run
04
Verify applied fixes
    python3 run_bcb.py verify <path>
05
Export JSON for CI/CD
    python3 run_bcb.py report <path> --format json
Ready to secure your codebase?
Install BCBob and start auditing in under 5 minutes. No configuration headaches.