ContainerSecurity
-
class ContainerSecurity(access_key=None, secret_key=None, registry=None, url=None, retries=None, backoff=None, ua_identity=None, session=None, proxies=None, vendor=None, product=None, build=None)[source]
The Container Security object is the primary interaction point for users to
interface with Container Security via the pyTenable library. All of the API
endpoint classes that have been written will be grafted onto this class.
- Parameters
access_key (str) – The user’s API access key for Tenable.io.
secret_key (str) – The user’s API secret key for Tenable.io.
url (str, optional) – The base URL that the paths will be appended onto. The default
is https://cloud.tenable.com
.
registry (str, optional) – The registry path to use for docker pushes. The default is
registry.cloud.tenable.com
.
retries (int, optional) – The number of retries to make before failing a request. The
default is 3
.
backoff (float, optional) – If a 429 response is returned, how much do we want to backoff
if the response didn’t send a Retry-After header. The default
backoff is 0.1
seconds.
images
The images methods allow interaction into ContainerSecurity
image API.
Methods available on cs.images
:
-
class ImageAPI(api)[source]
-
delete(repository, image, tag)[source]
Removes the specified image from ContainerSecurity
- Parameters
repository (str) – The name of the repository that the image resides within.
image (str) – The image name.
tag (str) – The specific tag of the image to pull.
- Returns
The image resource record.
- Return type
dict
Examples
>>> cs.images.delete('library', 'apache', 'latest')
-
details(repository, image, tag)[source]
Returns the details of a specified image.
- Parameters
repository (str) – The name of the repository that the image resides within.
image (str) – The image name.
tag (str) – The specific tag of the image to pull.
- Returns
The image resource record.
- Return type
dict
Examples
>>> image = cs.images.details('library', 'apache', 'latest')
-
list(**kw)[source]
Retrieves the list of images stores in ContainerSecurity.
- Parameters
has_malware (bool, optional) – Limits images to only those that either have or don’t have malware.
image_id (str, optional) – Limits the reponse to images with the specified image id.
name (str, optional) – Limits the response to images with the specified name.
limit (int, optional) – The number of items to return for each page. The default if
not specified is 50.
offset (int, optional) – The number of records to skip before returning results. The
default if not specified is 0.
os (str, optional) – Limits the response to images that have the specified base
operating system.
repository (str, optional) – Limits the response to images within the specified repository.
score_operator (str, optional) – The operator for the score threshold. Must be a either eq
,
lt
, or gt
.
score_value (int, optional) – The value for the score threshold. Must be an integer between
0 and 10.
tag (str, optional) – Limits the response to images with the specified tag.
- Returns
an iterator handling the pagination of the response.
- Return type
ImageIterator
Examples
>>> for image in cs.images.list():
... pprint(image)
reports
The reports methods allow interaction into ContainerSecurity
reports API.
Methods available on cs.reports
:
-
class ReportAPI(api)[source]
-
report(digest)[source]
Retrieves the image report by the image digest.
- Parameters
digest (str) – The image digest.
- Returns
The report resource record.
- Return type
dict
repositories
The repositories methods allow interaction into ContainerSecurity
repositories API.
Methods available on cs.repositories
:
-
class RepositoryAPI(api)[source]
-
delete(name)[source]
Removes the specified repository.
- Parameters
name (str) – The name of the repository to delete.
- Returns
None
Examples
>>> cs.repository.delete('library')
-
details(name)[source]
Retrieves the list of images for the specified repository.
- Parameters
name (str) – The name of the repository.
- Returns
List of image resources.
- Return type
list
Examples
>>> for image in cs.repository.details('library'):
... pprint(image)
-
list(**kw)[source]
Retrieves a list of repositories configured within ContainerSecurity.
- Parameters
contains (str, optional) – limit the response to only repositories with the specified
string within their name.
image (str, optional) – limit the response to only repositories containing the image
name.
limit (int, optional) – How many records should be returned within each page of data?
If nothing is specified, then the default is 50.
offset (int, optional) – At what offset do we start returning the data? If nothing is
specified, then the default is 0.
pages (int, optional) – How many pages
- Returns
an iterator handling the pagination of the response.
- Return type
RepositoryIterator
Examples
>>> for repository in cs.repository.list():
... pprint(repository)
uploads
The uploads methods are abstractions to make uploading an image into Container
Security easier for the user.
Methods available on cs.uploads
:
-
class UploadAPI(api)[source]
-
docker_push(name, tag=None, cs_name=None, cs_tag=None)[source]
Uploads an image into Tenable.io Container Security using docker.
- Parameters
name (str) – The name of the local docker image.
tag (str, optional) – The tag for the local docker image. Default is latest.
cs_name (str, optional) – The repository and name for the image in Container Security. If
nothing is specified, the default is library/{name}
cs_tag (str, optional) – The tag to apply to the image in Container Security. If nothing
is specified, then we will use the current setting of the tag
parameter instead.
- Returns
The image identifier.
- Return type
str
usage
The usage methods allow interaction into ContainerSecurity
usage API.
Methods available on cs.usage
:
-
class UsageAPI(api)[source]
-
stats()[source]
Returns the usage statistics for ContainerSecurity
- Returns
The usage statistics information.
- Return type
dict
Examples
>>> stats = cs.usage.stats()
Raw HTTP Calls
Even though the ContainerSecurity
object pythonizes the Container
Security API for you, there may still bee the occasional need to make raw HTTP
calls to the Container Security API. The methods listed below aren’t run
through any naturalization by the library aside from the response code checking.
These methods effectively route directly into the requests session. The
responses will be Response objects from the requests
library. In all cases,
the path is appended to the base url
paramater that the
ContainerSecurity
object was instantiated with.
Example:
resp = cs.get('repositories')
-
class ContainerSecurity(access_key=None, secret_key=None, registry=None, url=None, retries=None, backoff=None, ua_identity=None, session=None, proxies=None, vendor=None, product=None, build=None)[source]
The Container Security object is the primary interaction point for users to
interface with Container Security via the pyTenable library. All of the API
endpoint classes that have been written will be grafted onto this class.
- Parameters
access_key (str) – The user’s API access key for Tenable.io.
secret_key (str) – The user’s API secret key for Tenable.io.
url (str, optional) – The base URL that the paths will be appended onto. The default
is https://cloud.tenable.com
.
registry (str, optional) – The registry path to use for docker pushes. The default is
registry.cloud.tenable.com
.
retries (int, optional) – The number of retries to make before failing a request. The
default is 3
.
backoff (float, optional) – If a 429 response is returned, how much do we want to backoff
if the response didn’t send a Retry-After header. The default
backoff is 0.1
seconds.
-
get(path, **kwargs)
Initiates an HTTP GET request using the specified path. Refer to
requests.request
for more detailed information on what
keyword arguments can be passed:
- Parameters
-
- Returns
requests.Response
-
post(path, **kwargs)
Initiates an HTTP POST request using the specified path. Refer to the
requests.request
for more detailed information on what
keyword arguments can be passed:
- Parameters
-
- Returns
requests.Response
-
put(path, **kwargs)
Initiates an HTTP PUT request using the specified path. Refer to the
requests.request
for more detailed information on what
keyword arguments can be passed:
- Parameters
-
- Returns
requests.Response
-
delete(path, **kwargs)
Initiates an HTTP DELETE request using the specified path. Refer to the
requests.request
for more detailed information on what
keyword arguments can be passed:
- Parameters
-
- Returns
requests.Response