Static analysis probe for extracting architectural metadata from codebases

apisec-code-bolt

Overview

apisec-code-bolt analyzes source code to extract:

  • Routes/Endpoints — HTTP routes, parameters, request/response types
  • Data Flows — How data moves from entry points to sinks
  • Authentication — Auth schemes, dependencies, role requirements
  • Integrations — External services, databases, APIs
  • Dependencies — Package dependencies and versions

The output is a structured manifest that can be uploaded to the APIsec cloud for vulnerability analysis. Raw source code never leaves your environment.

Installation

pip install apisec-code-bolt

Quick Start

# Analyze a project and upload to cloud
apisec-code-bolt analyze /path/to/project

# Analyze and save manifest locally
apisec-code-bolt analyze . --output manifest.json --no-upload

# With framework hints
apisec-code-bolt analyze . --frameworks fastapi,sqlalchemy

Supported Languages & Frameworks

Currently Supported

Language    Frameworks
Python      FastAPI
Java        Spring Boot

Planned

Language                 Frameworks
Python                   Flask, Django
Java                     Micronaut, Quarkus
Kotlin                   Spring Boot, Ktor
JavaScript/TypeScript    Express, NestJS

Configuration

Create a .codebolt.yaml file in your project root:

analysis:
  file_discovery:
    exclude_patterns:
      - "tests/**"
      - "**/migrations/**"
    max_files: 10000
  
  data_flow:
    mode: inter_procedural
    max_depth: 10

cloud:
  enabled: true
  api_url: https://api.apisec.ai

output:
  format: json

Commands

analyze

Analyze a codebase and generate a manifest.

apisec-code-bolt analyze [PATH] [OPTIONS]

Options:
  -o, --output FILE     Save manifest to file
  --no-upload           Skip uploading to cloud
  --format [json|yaml]  Output format
  --config FILE         Path to config file
  --frameworks TEXT     Comma-separated framework hints
  --exclude TEXT        Glob patterns to exclude
  --max-files INTEGER   Maximum files to analyze
  --timeout INTEGER     Analysis timeout in seconds

auth

Authenticate with the APIsec cloud.

apisec-code-bolt auth [API_KEY] [OPTIONS]

Options:
  --check   Check if already authenticated
  --logout  Remove stored credentials

answer

Answer verification queries (for air-gapped environments).

apisec-code-bolt answer [OPTIONS]

Options:
  -q, --questions FILE  Input questions file (required)
  -o, --output FILE     Output answers file
  -r, --repo PATH       Repository path
  --timeout INTEGER     Query timeout in seconds

Architecture

apisec-code-bolt/
├── cli/                 # Command-line interface
├── core/                # Types, config, manifest schema
├── parsing/             # Language-specific parsers
│   ├── python/          # LibCST-based Python parser
│   └── jvm/             # Java/Kotlin via subprocess
├── frameworks/          # Framework plugins
│   ├── python/          # FastAPI, Flask, Django
│   └── java/            # Spring Boot, Micronaut
├── analysis/            # Call graph, data flow
├── fingerprinting/      # Integration detection
├── query/               # Query API executor
└── cloud/               # Cloud communication

Development

Setup

# Clone and install in development mode
git clone https://github.com/apisec-inc/apisec-code-bolt.git
cd apisec-code-bolt
pip install -e ".[dev]"

Running Tests

pytest

Type Checking

mypy src/apisec_code_bolt

Linting

ruff check src/
black --check src/

Privacy

apisec-code-bolt is designed with privacy as a core principle:

  • No raw code egress — Source code never leaves your environment
  • Metadata only — The manifest contains structural information, not code
  • Outbound only — Only makes outbound HTTPS calls to upload manifests
  • Air-gapped support — Can run completely offline with file-based workflow
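
One way to check the metadata-only claim before anything is uploaded, as an added example (not APIsec's code): save the manifest with `apisec-code-bolt analyze . --output manifest.json --no-upload` and scan every string in it for source-like or secret-like content. The field names in the sample manifest and the regex heuristics are assumptions; the real manifest schema is not documented on this page.

```python
import json
import re

# Heuristics for content that is not structural metadata (assumed patterns; tune per codebase).
CODE_HINT = re.compile(r"^\s*(def |class |import |from \S+ import |public |private |@\w+)", re.M)
SECRET_HINT = re.compile(
    r"AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|"
    r"(?i:password|secret|api[_-]?key|token)\s*[=:]\s*\S{8,}"
)

# Constructed sample manifest; these keys are hypothetical, not the tool's schema.
SAMPLE = json.loads("""
{
  "routes": [
    {"method": "GET", "path": "/users/{id}", "handler": "app.users.get_user"},
    {"method": "POST", "path": "/login", "handler": "app.auth.login",
     "snippet": "def login(req):\\n    user = db.find(req.name)\\n    return issue(user)"}
  ],
  "integrations": [{"kind": "database", "detail": "password=hunter2hunter2"}]
}
""")

def walk(node, path="$"):
    """Yield (json_path, value) for every string anywhere in the manifest."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def audit_manifest(manifest, max_len=400):
    """Return [(json_path, reason)] for strings that look like code, secrets or bulk text."""
    findings = []
    for path, value in walk(manifest):
        if SECRET_HINT.search(value):
            findings.append((path, "secret-like"))
        elif value.count("\n") >= 2 and CODE_HINT.search(value):
            findings.append((path, "source-like"))
        elif len(value) > max_len:
            findings.append((path, "oversized"))
    return findings

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to a manifest saved with --output
        with open(sys.argv[1]) as fh:
            SAMPLE = json.load(fh)
    for path, reason in audit_manifest(SAMPLE):
        print(f"{reason:12} {path}")
```

An empty result is not proof that the manifest is clean; it only means none of these heuristics fired, so a manual read of a sample manifest is still worthwhile before enabling uploads.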

License

Proprietary. Copyright © APIsec.

Download files

Source Distribution

apisec_code_bolt-0.1.2.tar.gz (548.4 kB)

Uploaded Source

Built Distribution

apisec_code_bolt-0.1.2-py3-none-any.whl (459.5 kB)

Uploaded Python 3

File details

Details for the file apisec_code_bolt-0.1.2.tar.gz.

File metadata

  • Download URL: apisec_code_bolt-0.1.2.tar.gz
  • Size: 548.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for apisec_code_bolt-0.1.2.tar.gz
Algorithm Hash digest
SHA256 3195cf0d034e00fce42df65c01bc03a5058d2de238b27fc60c6601f3813363bc
MD5 e75bc8d22aee5b26c71b47587538a3f3
BLAKE2b-256 a9431a89e620a039a5cb7550c86d2eba750ac3cbd769f9ed88cb0ed95d79873d

File details

Details for the file apisec_code_bolt-0.1.2-py3-none-any.whl.

File hashes

Hashes for apisec_code_bolt-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 f7d75fd84ca62ab03f6859b8bc24a7caa65d97e46fe9b6025ddb0b842d6041b3
MD5 76a834cfc6459d056ce9c27a453e9d82
BLAKE2b-256 7d3d15a58608ee1b2bc8ebccd0a2770bab46d49c51cbabe247c5765c56908471
