StackHawk API Discovery is an application security tool that identifies and maps APIs and applications directly from source code repositories. The tool connects to GitHub, GitLab, or Bitbucket to analyze repositories and detect REST, GraphQL, gRPC, WebSocket endpoints, serverless functions, and microservices without requiring agents or production scanning. The platform provides continuous visibility by updating automatically with every code commit. It identifies applications that handle sensitive data including PII, PCI, and HIPAA information at the code level. The tool surfaces commit activity and change velocity to help security teams prioritize high-risk repositories. StackHawk API Discovery uses AI to automatically generate OpenAPI specifications from source code, eliminating manual specification writing and maintenance. These specifications update continuously as code changes and can be used to configure DAST scans. The tool distinguishes between testable applications and other repository types such as documentation, libraries, and infrastructure. It detects languages and frameworks in use across repositories including Spring Boot, Rails, Django, and Express. The platform aims to address shadow API discovery by identifying endpoints before production deployment. It provides visibility into modern application components including microservices, serverless functions, and AI/LLM integrations that expand the attack surface beyond traditional application architectures.