Apiiro Deep Code Analysis

Apiiro Deep Code Analysis (DCA) is a code analysis technology that discovers and maps software architecture components within codebases. The tool uses Abstract Syntax Tree (AST) semantic analysis to examine code, text, and developer knowledge across repository history. DCA integrates with source code managers through API connections to automatically generate a graph-based inventory of application components and their relationships. The technology identifies modules, APIs, GraphQL operations, Protobuf services, programming languages, GenAI frameworks, open source dependencies, serverless functions, storage buckets, and other architectural elements. The tool analyzes supply chain components including repositories, CI/CD pipelines, dependencies, artifacts, secrets, and contributors. It examines security controls such as authorization, authentication, encryption, input validation, and session management. Infrastructure components like containers, Kubernetes services, cloud providers, and API gateways are also mapped. DCA evaluates code changes to identify material modifications that may introduce risk. The analysis includes reachability assessment to determine if packages are actively used in code, business impact analysis, malware detection, and abnormal commit behavior monitoring. The technology serves as the foundation for Apiiro's XBOM (eXtended Software Bill of Materials), which provides a dynamic map of software architecture. Organizations use this information to identify, prioritize, remediate, and prevent application risks throughout the software development lifecycle.