apisec-code-bolt
Static analysis probe for extracting architectural metadata from codebases.
Overview
apisec-code-bolt analyzes source code to extract:
- Routes/Endpoints — HTTP routes, parameters, request/response types
- Data Flows — How data moves from entry points to sinks
- Authentication — Auth schemes, dependencies, role requirements
- Integrations — External services, databases, APIs
- Dependencies — Package dependencies and versions
The output is a structured manifest that can be uploaded to the APIsec cloud for vulnerability analysis. Raw source code never leaves your environment.
Installation
```bash
pip install apisec-code-bolt
```
Quick Start
```bash
# Analyze a project and upload to cloud
apisec-code-bolt analyze /path/to/project

# Analyze and save manifest locally
apisec-code-bolt analyze . --output manifest.json --no-upload

# With framework hints
apisec-code-bolt analyze . --frameworks fastapi,sqlalchemy
```
Supported Languages & Frameworks
Currently Supported
| Language | Frameworks |
|---|---|
| Python | FastAPI |
| Java | Spring Boot |
Planned
| Language | Frameworks |
|---|---|
| Python | Flask, Django |
| Java | Micronaut, Quarkus |
| Kotlin | Spring Boot, Ktor |
| JavaScript/TypeScript | Express, NestJS |
Configuration
Create a .codebolt.yaml file in your project root:
```yaml
analysis:
  file_discovery:
    exclude_patterns:
      - "tests/**"
      - "**/migrations/**"
    max_files: 10000
  data_flow:
    mode: inter_procedural
    max_depth: 10
cloud:
  enabled: true
  api_url: https://api.apisec.ai
output:
  format: json
```
Commands
analyze
Analyze a codebase and generate a manifest.
```text
apisec-code-bolt analyze [PATH] [OPTIONS]

Options:
  -o, --output FILE      Save manifest to file
  --no-upload            Skip uploading to cloud
  --format [json|yaml]   Output format
  --config FILE          Path to config file
  --frameworks TEXT      Comma-separated framework hints
  --exclude TEXT         Glob patterns to exclude
  --max-files INTEGER    Maximum files to analyze
  --timeout INTEGER      Analysis timeout in seconds
```
auth
Authenticate with the APIsec cloud.
```text
apisec-code-bolt auth [API_KEY] [OPTIONS]

Options:
  --check    Check if already authenticated
  --logout   Remove stored credentials
```
answer
Answer verification queries (for air-gapped environments).
```text
apisec-code-bolt answer [OPTIONS]

Options:
  -q, --questions FILE   Input questions file (required)
  -o, --output FILE      Output answers file
  -r, --repo PATH        Repository path
  --timeout INTEGER      Query timeout in seconds
```
Architecture
```text
apisec-code-bolt/
├── cli/              # Command-line interface
├── core/             # Types, config, manifest schema
├── parsing/          # Language-specific parsers
│   ├── python/       # LibCST-based Python parser
│   └── jvm/          # Java/Kotlin via subprocess
├── frameworks/       # Framework plugins
│   ├── python/       # FastAPI, Flask, Django
│   └── java/         # Spring Boot, Micronaut
├── analysis/         # Call graph, data flow
├── fingerprinting/   # Integration detection
├── query/            # Query API executor
└── cloud/            # Cloud communication
```
Development
Setup
```bash
# Clone and install in development mode
git clone https://github.com/apisec-inc/apisec-code-bolt.git
cd apisec-code-bolt
pip install -e ".[dev]"
```
Running Tests
```bash
pytest
```
Type Checking
```bash
mypy src/apisec_code_bolt
```
Linting
```bash
ruff check src/
black --check src/
```
Privacy
apisec-code-bolt is designed with privacy as a core principle:
- No raw code egress — Source code never leaves your environment
- Metadata only — The manifest contains structural information, not code
- Outbound only — Only makes outbound HTTPS calls to upload manifests
- Air-gapped support — Can run completely offline with file-based workflow
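
To check the "metadata only" property on your own project before anything is uploaded, the manifest written by `apisec-code-bolt analyze . --output manifest.json --no-upload` can be scanned locally. The following is an added example, not part of apisec-code-bolt: it assumes only that the manifest is JSON, and the sample field names and detection patterns are constructed for illustration.

```python
import json
import re

# Detection patterns are assumptions chosen for this example, not APIsec's rules.
SECRET_RE = re.compile(
    r"AKIA[0-9A-Z]{16}"                                  # AWS access key id shape
    r"|-----BEGIN [A-Z ]*PRIVATE KEY-----"               # PEM private key header
    r"|(?i:password|secret|api[_-]?key)\s*[=:]\s*\S+"    # inline credential assignment
)
CODE_RE = re.compile(
    r"^\s*(def |class |import |from \S+ import |return\b|public |private )", re.M
)


def walk(node, path="$"):
    """Yield (json_path, value) for every string value, whatever the schema."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def audit_manifest(text):
    """Return (json_path, reason) for values that look like code or secrets."""
    findings = []
    for path, value in walk(json.loads(text)):
        if SECRET_RE.search(value):
            findings.append((path, "secret-like value"))
        elif "\n" in value and CODE_RE.search(value):
            findings.append((path, "multi-line source text"))
    return findings


# Constructed sample manifest; the real schema is not documented on this page.
SAMPLE = json.dumps({
    "routes": [
        {"method": "GET", "path": "/users/{id}", "handler": "get_user"},
        {"method": "POST", "path": "/login", "handler": "login",
         "snippet": "def login(req):\n    return check(req.user, req.pw)"},
    ],
    "integrations": [{"kind": "postgres", "default": "API_KEY=constructed-not-a-real-key"}],
})

if __name__ == "__main__":
    for path, reason in audit_manifest(SAMPLE):
        print(f"{path}: {reason}")
```

The patterns are heuristics: a clean result does not prove the absence of code or secrets, so findings are best treated as prompts for manual review of the flagged JSON paths.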
License
Proprietary. Copyright © APIsec.
File details
Details for the file apisec_code_bolt-0.1.1.tar.gz.
File metadata
- Download URL: apisec_code_bolt-0.1.1.tar.gz
- Upload date:
- Size: 548.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 2fe909de4b4751466c84d3cf5583178d5f6cfee55ced6613e8a399c75b20cf5b |
| MD5 | 901735ec0b14c1d2fa467c9aab1b041f |
| BLAKE2b-256 | a8432359d90b95f6507369b5fce8ec1245f491518c98f3840f7d4dd3e839bb9b |
File details
Details for the file apisec_code_bolt-0.1.1-py3-none-any.whl.
File metadata
- Download URL: apisec_code_bolt-0.1.1-py3-none-any.whl
- Upload date:
- Size: 459.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | b075ba65c17a85b8868b1e9943924932a3885aa03eb53983f6578dcad5a21c89 |
| MD5 | ad5b1f125216dd9fe52139c71a8c4838 |
| BLAKE2b-256 | cc876d582f8b818bc0c30d3223ca71c19b46d4b100c75e8a382d30668836aadc |