apisec-code-bolt

Static analysis probe for extracting architectural metadata from codebases.

Overview

apisec-code-bolt analyzes source code to extract:

  • Routes/Endpoints — HTTP routes, parameters, request/response types
  • Data Flows — How data moves from entry points to sinks
  • Authentication — Auth schemes, dependencies, role requirements
  • Integrations — External services, databases, APIs
  • Dependencies — Package dependencies and versions

The output is a structured manifest that can be uploaded to the APIsec cloud for vulnerability analysis. Raw source code never leaves your environment.

Installation

pip install apisec-code-bolt

Quick Start

# Analyze a project and upload to cloud
apisec-code-bolt analyze /path/to/project

# Analyze and save manifest locally
apisec-code-bolt analyze . --output manifest.json --no-upload

# With framework hints
apisec-code-bolt analyze . --frameworks fastapi,sqlalchemy

Supported Languages & Frameworks

Currently Supported

Language    Frameworks
Python      FastAPI
Java        Spring Boot

Planned

Language                Frameworks
Python                  Flask, Django
Java                    Micronaut, Quarkus
Kotlin                  Spring Boot, Ktor
JavaScript/TypeScript   Express, NestJS

Configuration

Create a .codebolt.yaml file in your project root:

analysis:
  file_discovery:
    exclude_patterns:
      - "tests/**"
      - "**/migrations/**"
    max_files: 10000
  
  data_flow:
    mode: inter_procedural
    max_depth: 10

cloud:
  enabled: true
  api_url: https://api.apisec.ai

output:
  format: json

Commands

analyze

Analyze a codebase and generate a manifest.

apisec-code-bolt analyze [PATH] [OPTIONS]

Options:
  -o, --output FILE     Save manifest to file
  --no-upload           Skip uploading to cloud
  --format [json|yaml]  Output format
  --config FILE         Path to config file
  --frameworks TEXT     Comma-separated framework hints
  --exclude TEXT        Glob patterns to exclude
  --max-files INTEGER   Maximum files to analyze
  --timeout INTEGER     Analysis timeout in seconds

auth

Authenticate with the APIsec cloud.

apisec-code-bolt auth [API_KEY] [OPTIONS]

Options:
  --check   Check if already authenticated
  --logout  Remove stored credentials

answer

Answer verification queries (for air-gapped environments).

apisec-code-bolt answer [OPTIONS]

Options:
  -q, --questions FILE  Input questions file (required)
  -o, --output FILE     Output answers file
  -r, --repo PATH       Repository path
  --timeout INTEGER     Query timeout in seconds

Architecture

apisec-code-bolt/
├── cli/                 # Command-line interface
├── core/                # Types, config, manifest schema
├── parsing/             # Language-specific parsers
│   ├── python/          # LibCST-based Python parser
│   └── jvm/             # Java/Kotlin via subprocess
├── frameworks/          # Framework plugins
│   ├── python/          # FastAPI, Flask, Django
│   └── java/            # Spring Boot, Micronaut
├── analysis/            # Call graph, data flow
├── fingerprinting/      # Integration detection
├── query/               # Query API executor
└── cloud/               # Cloud communication

Development

Setup

# Clone and install in development mode
git clone https://github.com/apisec-inc/apisec-code-bolt.git
cd apisec-code-bolt
pip install -e ".[dev]"

Running Tests

pytest

Type Checking

mypy src/apisec_code_bolt

Linting

ruff check src/
black --check src/

Privacy

apisec-code-bolt is designed with privacy as a core principle:

  • No raw code egress — Source code never leaves your environment
  • Metadata only — The manifest contains structural information, not code
  • Outbound only — Only makes outbound HTTPS calls to upload manifests
  • Air-gapped support — Can run completely offline with file-based workflow
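
To check the "metadata only" property yourself, generate the manifest with --no-upload and audit it before anything is sent. The script below is an added example, not part of apisec-code-bolt: it walks any JSON document, so it does not depend on the manifest schema (which this page does not show), and the sample field names and values in it are constructed for illustration.

```python
import json
import re
import sys
from pathlib import Path

# Patterns for values that should never appear in structural metadata.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "credential_in_url": re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@"),
}

def walk_strings(node, path="$"):
    """Yield (json_path, value) for every string in a parsed JSON document."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk_strings(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from walk_strings(child, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def audit_manifest(manifest, source_lines=(), min_len=20):
    """Return sorted (json_path, reason) pairs for strings that look like leaks."""
    code = {s.strip() for s in source_lines if len(s.strip()) >= min_len}
    findings = set()
    for path, value in walk_strings(manifest):
        findings |= {(path, r) for r, rx in SECRET_PATTERNS.items() if rx.search(value)}
        # A manifest string containing a whole source line is code, not metadata.
        if any(part.strip() in code for part in value.splitlines()):
            findings.add((path, "verbatim_source_line"))
    return sorted(findings)

# Constructed sample: these field names are hypothetical, not the tool's schema.
SAMPLE_MANIFEST = {
    "routes": [{"method": "GET", "path": "/users/{id}", "handler": "get_user"}],
    "integrations": [{"kind": "postgres",
                      "target": "postgresql://app:s3cr3t@db.internal/prod"}],
    "data_flows": [{"sink": "db.execute",
                    "snippet": 'cur.execute(f"SELECT * FROM users WHERE id={uid}")'}],
}
SAMPLE_SOURCE = ['    cur.execute(f"SELECT * FROM users WHERE id={uid}")\n']

if __name__ == "__main__":  # usage: audit.py manifest.json /path/to/repo
    files = [f for f in Path(sys.argv[2]).rglob("*")
             if f.is_file() and f.suffix in {".py", ".java"}]
    lines = [ln for f in files for ln in f.read_text(errors="ignore").splitlines()]
    for path, reason in audit_manifest(json.loads(Path(sys.argv[1]).read_text()), lines):
        print(f"{reason}\t{path}")
```

Any finding means the manifest carries more than structure at that JSON path; review it before running analyze without --no-upload.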

License

Proprietary. Copyright © APIsec.

Download files

Source Distribution

apisec_code_bolt-0.1.3.tar.gz (613.4 kB)

Uploaded Source

Built Distribution

apisec_code_bolt-0.1.3-py3-none-any.whl (514.9 kB)

Uploaded Python 3

File details

Details for the file apisec_code_bolt-0.1.3.tar.gz.

File metadata

  • Download URL: apisec_code_bolt-0.1.3.tar.gz
  • Upload date:
  • Size: 613.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apisec_code_bolt-0.1.3.tar.gz
Algorithm Hash digest
SHA256 8f7d2ffcd39681228d39f3119a0595e517aabedd0f42b5a54a119d5b394a7b83
MD5 05a1bd326b634825e2c86ed5a357aab4
BLAKE2b-256 b7d0624707e53a04fd3a5da9eef4ac79f3e4c707237f110dc7162822b8b0a8a2

File details

Details for the file apisec_code_bolt-0.1.3-py3-none-any.whl.

File hashes

Hashes for apisec_code_bolt-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 0ca2769a8c631f035ed956f86da4e960ae8e4a9da76196b12e36964ec0b21562
MD5 b8b7810a1393a6ec189739c1926b4fcb
BLAKE2b-256 0e4a274f2d7807012aa3b52abdec87365ae999df24756b62a12a77b18a353c7c
