`vulkro discover`

Map your API surface - extract every HTTP endpoint without running any security scan. Faster than scan and useful when you only need the route inventory (e.g. for OpenAPI generation, contract diffs, or onboarding docs).

Usage

vulkro discover [PATH]
vulkro discover [PATH] --format json

Arguments

Argument	Description	Default
`PATH`	Path to the project root.	`.`

Flags

Flag	Description	Default
`--format`, `-f`	`table`, `json`, `sarif`, `gh-pr`, `junit`, `csv`, `cyclonedx`, `spdx`, `pdf`, `ropa-md`, `ropa-html`.	`table`

What it does

Walks the working tree honouring .gitignore, detects the language and framework, and statically extracts:

HTTP method
Route path (with [param] -> {param} normalisation for Next.js)
Source file + line number
Handler function (when extractable)
Auth status (Protected, Unprotected, Unknown)

Output is the same Endpoint records the security engine consumes - so vulkro discover --format json is the canonical way to feed Vulkro's endpoint detection into another tool.

Example

$ vulkro discover ./mealie

Detected: Python | FastAPI
124 endpoints

GET    /api/auth/refresh                 [Protected]   mealie/routes/auth.py:42
POST   /api/auth/login                   [Unprotected] mealie/routes/auth.py:67
GET    /api/recipes/{slug}               [Protected]   mealie/routes/recipes.py:113
DELETE /api/groups/{group_id}/members    [Protected]   mealie/routes/groups.py:88
...

vulkro scan - the same extraction plus the security pipeline.
vulkro export - emit the surface as OpenAPI 3.1.

Export to OpenAPI

vulkro export . --target openapi -o openapi.yaml

Produces an OpenAPI 3.1 document with one operation per endpoint. Schemas are minimal placeholders - Vulkro doesn't infer request/response shapes - but route paths, parameters, and method are accurate.

Usage​

Arguments​

Flags​

What it does​

Example​

Related​

Export to OpenAPI​