A Python-based scanner that detects compatibility issues when enabling AWS Lambda SnapStart. Helps identify cold-start risks, initialization patterns, and SnapStart-breaking code before deployment.
This Python-based SnapStart Scanner helps developers detect potential compatibility issues before enabling SnapStart on their Lambda functions.
It analyzes your codebase, highlights risky patterns, and generates a simple, readable report.
Perfect for teams adopting SnapStart safely across large serverless applications.
It is inspired by the official SnapStart Bug Scanner for Java — but implemented in Python using libcst, enabling precise analysis without executing code.
- 🔁 Recursive repository scanning (
**/*.py) - 🎯 8 SnapStart-incompatibility rule categories
- 💬 Supports multiple output formats:
textjsonhtml(interactive Jinja2 report)
- 🪶 Inline suppression with comments:
# snapstart: ignore[PY001]
- ⚙️
.snapstart-scan.yamlconfig support - 📊 HTML report with filters + syntax-highlighted code context
Download from GitHub Releases.
chmod +x snapstart-scan
./snapstart-scan --repo /path/to/repo➡️ No Python required.
git clone https://github.com/vanshmadan/aws-lambda-snapstart-python-scanner.git
cd aws-lambda-snapstart-python-scanner
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txtRun scanner:
python cli.py --repo /path/to/lambdasnapstart-scan --repo my-lambda-projectsnapstart-scan --repo . --format htmlOutput:
snapstart_report.html
| Rule | Description |
|---|---|
| PY001 | Mutable module‑level state |
| PY002 | Non‑idempotent logic at import time |
| PY003 | Threads/executors started at import |
| PY004 | Opening files/sockets at import |
| PY005 | Random/time/uuid executed at import |
| PY006 | boto3.client() during init |
| PY007 | Tempfiles, creds or FS access at import |
| PY008 | Dangerous init without restore hooks |
WARN PY001_MUTABLE_MODULE_STATE /app.py:4079
→ routers = [
Mutable object created at module level; consider making immutable or moving to handler.
ERROR PY002_NON_IDEMPOTENT_INIT /test.py:7
→ requests.get("https://example.com")
Potential non-idempotent side-effect call 'requests.get' at module import.
routers = [] # snapstart: ignore[PY001]value = generate_data() # snapstart: ignoreoutput_format: text
ignore_patterns:
- "venv/**"
- "tests/**"
severities:
PY001_MUTABLE_MODULE_STATE: WARN
PY002_NON_IDEMPOTENT_INIT: ERROR
hook_names:
- after_restore
- before_invoke
exit_on:
- ERRORFail pipeline on ERRORs:
./snapstart-scan --repo . --exit-on ERRORLicensed under the Apache License, Version 2.0
http://www.apache.org/licenses/LICENSE-2.0
PRs and issues are welcome!
If you like this project, give it a GitHub star ❤️