apisec-code-bolt

Static analysis probe for extracting architectural metadata from codebases.

Overview

apisec-code-bolt analyzes source code to extract:

  • Routes/Endpoints — HTTP routes, parameters, request/response types
  • Data Flows — How data moves from entry points to sinks
  • Authentication — Auth schemes, dependencies, role requirements
  • Integrations — External services, databases, APIs
  • Dependencies — Package dependencies and versions

The output is a structured manifest that can be uploaded to the APIsec cloud for vulnerability analysis. Raw source code never leaves your environment.

Installation

pip install apisec-code-bolt

Quick Start

# Analyze a project and upload to cloud
apisec-code-bolt analyze /path/to/project

# Analyze and save manifest locally
apisec-code-bolt analyze . --output manifest.json --no-upload

# With framework hints
apisec-code-bolt analyze . --frameworks fastapi,sqlalchemy

Supported Languages & Frameworks

Currently Supported

Language | Frameworks
Python   | FastAPI
Java     | Spring Boot

Planned

Language              | Frameworks
Python                | Flask, Django
Java                  | Micronaut, Quarkus
Kotlin                | Spring Boot, Ktor
JavaScript/TypeScript | Express, NestJS

Configuration

Create a .codebolt.yaml file in your project root:

analysis:
  file_discovery:
    exclude_patterns:
      - "tests/**"
      - "**/migrations/**"
    max_files: 10000
  
  data_flow:
    mode: inter_procedural
    max_depth: 10

cloud:
  enabled: true
  api_url: https://api.apisec.ai

output:
  format: json

Commands

analyze

Analyze a codebase and generate a manifest.

apisec-code-bolt analyze [PATH] [OPTIONS]

Options:
  -o, --output FILE     Save manifest to file
  --no-upload           Skip uploading to cloud
  --format [json|yaml]  Output format
  --config FILE         Path to config file
  --frameworks TEXT     Comma-separated framework hints
  --exclude TEXT        Glob patterns to exclude
  --max-files INTEGER   Maximum files to analyze
  --timeout INTEGER     Analysis timeout in seconds

auth

Authenticate with the APIsec cloud.

apisec-code-bolt auth [API_KEY] [OPTIONS]

Options:
  --check   Check if already authenticated
  --logout  Remove stored credentials

answer

Answer verification queries (for air-gapped environments).

apisec-code-bolt answer [OPTIONS]

Options:
  -q, --questions FILE  Input questions file (required)
  -o, --output FILE     Output answers file
  -r, --repo PATH       Repository path
  --timeout INTEGER     Query timeout in seconds

Architecture

apisec-code-bolt/
├── cli/                 # Command-line interface
├── core/                # Types, config, manifest schema
├── parsing/             # Language-specific parsers
│   ├── python/          # LibCST-based Python parser
│   └── jvm/             # Java/Kotlin via subprocess
├── frameworks/          # Framework plugins
│   ├── python/          # FastAPI, Flask, Django
│   └── java/            # Spring Boot, Micronaut
├── analysis/            # Call graph, data flow
├── fingerprinting/      # Integration detection
├── query/               # Query API executor
└── cloud/               # Cloud communication

Development

Setup

# Clone and install in development mode
git clone https://github.com/apisec-inc/apisec-code-bolt.git
cd apisec-code-bolt
pip install -e ".[dev]"

Running Tests

pytest

Type Checking

mypy src/apisec_code_bolt

Linting

ruff check src/
black --check src/

Privacy

apisec-code-bolt is designed with privacy as a core principle:

  • No raw code egress — Source code never leaves your environment
  • Metadata only — The manifest contains structural information, not code
  • Outbound only — Only makes outbound HTTPS calls to upload manifests
  • Air-gapped support — Can run completely offline with file-based workflow
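
The "metadata only" claim can be checked locally on a manifest saved with --output manifest.json --no-upload before anything is uploaded. The script below is an added example, not part of apisec-code-bolt: it assumes only that the manifest is JSON, does not rely on its schema, and the function names and the 25-character threshold are hypothetical choices.

```python
import json
import sys
from pathlib import Path

MIN_LEN = 25  # shorter lines (braces, bare imports) match by coincidence


def iter_strings(node):
    """Yield every string (keys and values) in a decoded JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from iter_strings(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_strings(item)


def source_lines(repo, suffixes=(".py", ".java")):
    """Map each non-trivial, whitespace-normalised source line to (file, line_no)."""
    seen = {}
    for path in Path(repo).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                norm = " ".join(line.split())
                if len(norm) >= MIN_LEN:
                    seen.setdefault(norm, (str(path), lineno))
    return seen


def find_code_egress(manifest_path, repo):
    """Return sorted (file, line_no, line) for source lines embedded in the manifest."""
    # Assumption: the manifest is JSON (--format json); its schema is not relied on.
    manifest = json.loads(Path(manifest_path).read_text(encoding="utf-8"))
    lines = source_lines(repo)
    values = [" ".join(s.split()) for s in iter_strings(manifest) if len(s) >= MIN_LEN]
    hits = {(p, n, line) for line, (p, n) in lines.items()
            if any(line in v for v in values)}
    return sorted(hits)


if __name__ == "__main__":
    findings = find_code_egress(sys.argv[1], sys.argv[2])
    for path, lineno, line in findings:
        print(f"{path}:{lineno}: {line}")
    sys.exit(1 if findings else 0)
```

Run it as a gate with the manifest path and the repository path as arguments; a non-zero exit means at least one full source line appears verbatim in the manifest and should be reviewed before upload.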

License

Proprietary. Copyright © APIsec.

Download files

Source Distribution

apisec_code_bolt-0.1.4.tar.gz (614.0 kB)

Uploaded Source

Built Distribution

apisec_code_bolt-0.1.4-py3-none-any.whl (515.1 kB)

Uploaded Python 3

File details

Details for the file apisec_code_bolt-0.1.4.tar.gz.

File metadata

  • Download URL: apisec_code_bolt-0.1.4.tar.gz
  • Upload date:
  • Size: 614.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for apisec_code_bolt-0.1.4.tar.gz
Algorithm Hash digest
SHA256 d4853ba35165f6e66843a84101d4e84bec340f984dc5a7b66e006cd355454203
MD5 b9125e0e946e894e840362f99a5b9a83
BLAKE2b-256 78c2f1854226933d53c62a2f11bb83f1303a08d2e40a9576d4dc1e5602b9b3d5

File details

Details for the file apisec_code_bolt-0.1.4-py3-none-any.whl.

File hashes

Hashes for apisec_code_bolt-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 1d1f779ece2c3ff3189fd756cea3b22d13e83e2bc6d3177014f7bb53a93ecca2
MD5 53472c60b195d4d40a617e7937bc270c
BLAKE2b-256 509404e1d35a070375dd64da70beb802e459c440e9da2bc6732ed048c9a4b921
