Overview

Krait’s API Inventory is the foundation of the platform, working the moment you connect a repository. Instead of relying on traffic, Swagger files, or manual documentation, Krait derives your entire API surface directly from your source code. This makes the inventory a living reflection of your application, always one commit away from reality.

How it works

When a scan begins, Krait reads your controllers, routers, middleware chains, validation layers, and underlying service functions. Supported frameworks provide a predictable structure that Krait interprets to reconstruct both the externally visible routes and the internal execution paths they rely on.

Supported frameworks

  • FastAPI
  • Laravel
  • Spring Boot
  • Express
  • NestJS
  • ASP.NET

What you get

The result is a complete, code-derived map of your API. Every endpoint is annotated with:
  • HTTP method
  • Route pattern
  • Handler function
  • Middleware chain
  • Return types
  • Potential status codes
  • Relevant data structures
Nothing is guessed. Nothing relies on runtime conditions. The API surface you see is the API surface your application actually exposes.

Change tracking

Krait’s inventory system tracks evolution over time. When a route changes, Krait automatically highlights it:
  • Applied when the signature shifts, middleware is added, or handler logic changes
  • Newly added endpoints receive a “new” tag until reviewed
This streamlines change-aware security reviews and ensures teams never miss an endpoint that quietly altered its behavior.
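
The sketch below is an added example, not Krait's code: it shows the general idea of a code-derived inventory and change tagging for FastAPI-style decorators, using only Python's ast module. The sample sources, the function names and the "changed" label are assumptions made for illustration; router prefixes and non-literal paths are not resolved.

```python
import ast

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}

# Constructed sample input: two revisions of one hypothetical FastAPI module.
OLD_SRC = '''
@app.get("/users/{user_id}")
def read_user(user_id: int) -> User:
    return load(user_id)
'''
NEW_SRC = '''
@app.get("/users/{user_id}", dependencies=[Depends(require_auth)])
def read_user(user_id: int) -> User:
    return load(user_id)

@router.post("/users", status_code=201)
async def create_user(body: UserIn) -> User:
    return save(body)
'''

def _keyword(call, name):
    """Source text of one keyword argument of a decorator call, or None."""
    return next((ast.unparse(k.value) for k in call.keywords if k.arg == name), None)

def inventory(source):
    """Map (METHOD, route pattern) -> endpoint facts, read from the AST only."""
    found = {}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for dec in node.decorator_list:
            # Keep only <obj>.<http method>("<literal path>", ...) decorators.
            if not (isinstance(dec, ast.Call) and isinstance(dec.func, ast.Attribute)
                    and dec.func.attr in HTTP_METHODS and dec.args
                    and isinstance(dec.args[0], ast.Constant)):
                continue
            found[(dec.func.attr.upper(), str(dec.args[0].value))] = {
                "handler": node.name,
                "signature": ast.unparse(node.args),
                "returns": ast.unparse(node.returns) if node.returns else None,
                "dependencies": _keyword(dec, "dependencies"),
                "status_code": _keyword(dec, "status_code"),
            }
    return found

def diff(old, new):
    """Tag endpoints: "new" if absent before, "changed" if any recorded fact differs."""
    return {key: ("new" if key not in old else "changed")
            for key, facts in new.items() if old.get(key) != facts}
```

Calling `diff(inventory(OLD_SRC), inventory(NEW_SRC))` flags the route that gained an auth dependency as well as the added POST route, which is the kind of quiet behavior change a reviewer wants surfaced.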

Benefits

The inventory becomes the backbone for risk analysis, architecture understanding, and downstream DeepScan. By grounding security in real code structure instead of approximations, Krait eliminates the blind spots that plague traditional scanners.