apisec-code-bolt

Static analysis probe for extracting architectural metadata from codebases.

Overview

apisec-code-bolt analyzes source code to extract:

  • Routes/Endpoints — HTTP routes, parameters, request/response types
  • Data Flows — How data moves from entry points to sinks
  • Authentication — Auth schemes, dependencies, role requirements
  • Integrations — External services, databases, APIs
  • Dependencies — Package dependencies and versions

The output is a structured manifest that can be uploaded to the APIsec cloud for vulnerability analysis. Raw source code never leaves your environment.

Installation

pip install apisec-code-bolt

Quick Start

# Analyze a project and upload to cloud
apisec-code-bolt analyze /path/to/project

# Analyze and save manifest locally
apisec-code-bolt analyze . --output manifest.json --no-upload

# With framework hints
apisec-code-bolt analyze . --frameworks fastapi,sqlalchemy

Supported Languages & Frameworks

Currently Supported

Language    Frameworks
Python      FastAPI
Java        Spring Boot

Planned

Language                 Frameworks
Python                   Flask, Django
Java                     Micronaut, Quarkus
Kotlin                   Spring Boot, Ktor
JavaScript/TypeScript    Express, NestJS

Configuration

Create a .codebolt.yaml file in your project root:

analysis:
  file_discovery:
    exclude_patterns:
      - "tests/**"
      - "**/migrations/**"
    max_files: 10000
  
  data_flow:
    mode: inter_procedural
    max_depth: 10

cloud:
  enabled: true
  api_url: https://api.apisec.ai

output:
  format: json

Commands

analyze

Analyze a codebase and generate a manifest.

apisec-code-bolt analyze [PATH] [OPTIONS]

Options:
  -o, --output FILE     Save manifest to file
  --no-upload           Skip uploading to cloud
  --format [json|yaml]  Output format
  --config FILE         Path to config file
  --frameworks TEXT     Comma-separated framework hints
  --exclude TEXT        Glob patterns to exclude
  --max-files INTEGER   Maximum files to analyze
  --timeout INTEGER     Analysis timeout in seconds

auth

Authenticate with the APIsec cloud.

apisec-code-bolt auth [API_KEY] [OPTIONS]

Options:
  --check   Check if already authenticated
  --logout  Remove stored credentials

answer

Answer verification queries (for air-gapped environments).

apisec-code-bolt answer [OPTIONS]

Options:
  -q, --questions FILE  Input questions file (required)
  -o, --output FILE     Output answers file
  -r, --repo PATH       Repository path
  --timeout INTEGER     Query timeout in seconds

Architecture

apisec-code-bolt/
├── cli/                 # Command-line interface
├── core/                # Types, config, manifest schema
├── parsing/             # Language-specific parsers
│   ├── python/          # LibCST-based Python parser
│   └── jvm/             # Java/Kotlin via subprocess
├── frameworks/          # Framework plugins
│   ├── python/          # FastAPI, Flask, Django
│   └── java/            # Spring Boot, Micronaut
├── analysis/            # Call graph, data flow
├── fingerprinting/      # Integration detection
├── query/               # Query API executor
└── cloud/               # Cloud communication

Development

Setup

# Clone and install in development mode
git clone https://github.com/apisec-inc/apisec-code-bolt.git
cd apisec-code-bolt
pip install -e ".[dev]"

Running Tests

pytest

Type Checking

mypy src/apisec_code_bolt

Linting

ruff check src/
black --check src/

Privacy

apisec-code-bolt is designed with privacy as a core principle:

  • No raw code egress — Source code never leaves your environment
  • Metadata only — The manifest contains structural information, not code
  • Outbound only — Only makes outbound HTTPS calls to upload manifests
  • Air-gapped support — Can run completely offline with file-based workflow
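
The "metadata only" property can be checked locally on a manifest saved with --output manifest.json --no-upload before any upload is allowed. The following is an added example, not part of apisec-code-bolt or its documentation: a schema-agnostic audit that walks every string in the JSON and flags secret-like or source-like values. The regexes and the sample manifest's field names are assumptions constructed for illustration; the real manifest schema is not shown on this page.

```python
import json
import re
import sys

# Heuristics chosen for this example; they are not APIsec's rules.
SECRET_RE = re.compile(
    r"(?i)(api[_-]?key|secret|passw(or)?d|token)\s*[=:]\s*\S{8,}"  # key=value pairs
    r"|://[^/\s:@]+:[^/\s@]+@"                                     # user:pass@ in a URL
    r"|-----BEGIN [A-Z ]*PRIVATE KEY-----"
)
CODE_RE = re.compile(r"^\s*(def |class |import |from \S+ import |public |private )", re.M)

# Constructed sample; the field names are hypothetical, not the tool's schema.
SAMPLE_MANIFEST = {
    "routes": [{"path": "/users/{id}", "method": "GET", "handler": "get_user"}],
    "integrations": [{"kind": "postgres",
                      "dsn": "postgresql://app:constructed-pw@db.internal/app"}],
    "data_flows": [{"sink": "db.get",
                    "snippet": "def get_user(user_id):\n    row = db.get(user_id)\n    return row"}],
}

def walk(node, path="$"):
    """Yield (json_path, value) for every string value in decoded JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def audit_manifest(manifest):
    """Return [(json_path, kind)] for strings that look like secrets or raw code."""
    findings = []
    for path, value in walk(manifest):
        if SECRET_RE.search(value):
            findings.append((path, "secret-like"))
        elif value.count("\n") >= 2 and CODE_RE.search(value):
            findings.append((path, "source-like"))
    return findings

if __name__ == "__main__":
    # Usage: python audit_manifest.py manifest.json
    with open(sys.argv[1], encoding="utf-8") as fh:
        hits = audit_manifest(json.load(fh))
    for path, kind in hits:
        print(f"{kind}: {path}")  # report the location only, never the value
    sys.exit(1 if hits else 0)
```

The non-zero exit status lets a CI step block the upload when anything is flagged.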

License

Proprietary. Copyright © APIsec.

Source Distribution

apisec_code_bolt-0.1.1.tar.gz (548.3 kB)

Uploaded Source

Built Distribution

apisec_code_bolt-0.1.1-py3-none-any.whl (459.4 kB)

Uploaded Python 3

File details

Details for the file apisec_code_bolt-0.1.1.tar.gz.

File metadata

  • Download URL: apisec_code_bolt-0.1.1.tar.gz
  • Upload date:
  • Size: 548.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for apisec_code_bolt-0.1.1.tar.gz
Algorithm Hash digest
SHA256 2fe909de4b4751466c84d3cf5583178d5f6cfee55ced6613e8a399c75b20cf5b
MD5 901735ec0b14c1d2fa467c9aab1b041f
BLAKE2b-256 a8432359d90b95f6507369b5fce8ec1245f491518c98f3840f7d4dd3e839bb9b

File details

Details for the file apisec_code_bolt-0.1.1-py3-none-any.whl.

File hashes

Hashes for apisec_code_bolt-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 b075ba65c17a85b8868b1e9943924932a3885aa03eb53983f6578dcad5a21c89
MD5 ad5b1f125216dd9fe52139c71a8c4838
BLAKE2b-256 cc876d582f8b818bc0c30d3223ca71c19b46d4b100c75e8a382d30668836aadc
