ContainerSecurity

class ContainerSecurity(access_key=None, secret_key=None, registry=None, url=None, retries=None, backoff=None, ua_identity=None, session=None, proxies=None, vendor=None, product=None, build=None)[source]

The Container Security object is the primary interaction point for users to interface with Container Security via the pyTenable library. All of the API endpoint classes that have been written will be grafted onto this class.

Parameters:
  • access_key (str) – The user’s API access key for Tenable.io.
  • secret_key (str) – The user’s API secret key for Tenable.io.
  • url (str, optional) – The base URL that the paths will be appended onto. The default is https://cloud.tenable.com.
  • registry (str, optional) – The registry path to use for docker pushes. The default is registry.cloud.tenable.com.
  • retries (int, optional) – The number of retries to make before failing a request. The default is 3.
  • backoff (float, optional) – If a 429 response is returned, how much do we want to backoff if the response didn’t send a Retry-After header. The default backoff is 0.1 seconds.

images

The images methods allow interaction into ContainerSecurity image API.

Methods available on cs.images:

class ImageAPI(api)[source]
delete(repository, image, tag)[source]

Removes the specified image from ContainerSecurity

Parameters:
  • repository (str) – The name of the repository that the image resides within.
  • image (str) – The image name.
  • tag (str) – The specific tag of the image to pull.
Returns:

The image resource record.
Return type:

dict

Examples

>>> cs.images.delete('library', 'apache', 'latest')
details(repository, image, tag)[source]

Returns the details of a specified image.

Parameters:
  • repository (str) – The name of the repository that the image resides within.
  • image (str) – The image name.
  • tag (str) – The specific tag of the image to pull.
Returns:

The image resource record.
Return type:

dict

Examples

>>> image = cs.images.details('library', 'apache', 'latest')
list(**kw)[source]

Retrieves the list of images stores in ContainerSecurity.

Parameters:
  • has_malware (bool, optional) – Limits images to only those that either have or don’t have malware.
  • image_id (str, optional) – Limits the reponse to images with the specified image id.
  • name (str, optional) – Limits the response to images with the specified name.
  • limit (int, optional) – The number of items to return for each page. The default if not specified is 50.
  • offset (int, optional) – The number of records to skip before returning results. The default if not specified is 0.
  • os (str, optional) – Limits the response to images that have the specified base operating system.
  • repository (str, optional) – Limits the response to images within the specified repository.
  • score_operator (str, optional) – The operator for the score threshold. Must be a either eq, lt, or gt.
  • score_value (int, optional) – The value for the score threshold. Must be an integer between 0 and 10.
  • tag (str, optional) – Limits the response to images with the specified tag.
Returns:

an iterator handling the pagination of the response.
Return type:

ImageIterator

Examples

>>> for image in cs.images.list():
...     pprint(image)

reports

The reports methods allow interaction into ContainerSecurity reports API.

Methods available on cs.reports:

class ReportAPI(api)[source]
report(digest)[source]

Retrieves the image report by the image digest.

Parameters:digest (str) – The image digest.
Returns:The report resource record.
Return type:dict

repositories

The repositories methods allow interaction into ContainerSecurity repositories API.

Methods available on cs.repositories:

class RepositoryAPI(api)[source]
delete(name)[source]

Removes the specified repository.

Parameters:name (str) – The name of the repository to delete.
Returns:None

Examples

>>> cs.repository.delete('library')
details(name)[source]

Retrieves the list of images for the specified repository.

Parameters:name (str) – The name of the repository.
Returns:List of image resources.
Return type:list

Examples

>>> for image in cs.repository.details('library'):
...     pprint(image)
list(**kw)[source]

Retrieves a list of repositories configured within ContainerSecurity.

Parameters:
  • contains (str, optional) – limit the response to only repositories with the specified string within their name.
  • image (str, optional) – limit the response to only repositories containing the image name.
  • limit (int, optional) – How many records should be returned within each page of data? If nothing is specified, then the default is 50.
  • offset (int, optional) – At what offset do we start returning the data? If nothing is specified, then the default is 0.
  • pages (int, optional) – How many pages
Returns:

an iterator handling the pagination of the response.
Return type:

RepositoryIterator

Examples

>>> for repository in cs.repository.list():
...     pprint(repository)

uploads

The uploads methods are abstractions to make uploading an image into Container Security easier for the user.

Methods available on cs.uploads:

class UploadAPI(api)[source]
docker_push(name, tag=None, cs_name=None, cs_tag=None)[source]

Uploads an image into Tenable.io Container Security using docker.

Parameters:
  • name (str) – The name of the local docker image.
  • tag (str, optional) – The tag for the local docker image. Default is latest.
  • cs_name (str, optional) – The repository and name for the image in Container Security. If nothing is specified, the default is library/{name}
  • cs_tag (str, optional) – The tag to apply to the image in Container Security. If nothing is specified, then we will use the current setting of the tag parameter instead.
Returns:

The image identifier.
Return type:

str

usage

The usage methods allow interaction into ContainerSecurity usage API.

Methods available on cs.usage:

class UsageAPI(api)[source]
stats()[source]

Returns the usage statistics for ContainerSecurity

Returns:The usage statistics information.
Return type:dict

Examples

>>> stats = cs.usage.stats()

Raw HTTP Calls

Even though the ContainerSecurity object pythonizes the Container Security API for you, there may still bee the occasional need to make raw HTTP calls to the Container Security API. The methods listed below aren’t run through any naturalization by the library aside from the response code checking. These methods effectively route directly into the requests session. The responses will be Response objects from the requests library. In all cases, the path is appended to the base url paramater that the ContainerSecurity object was instantiated with.

Example:

resp = cs.get('repositories')
class ContainerSecurity(access_key=None, secret_key=None, registry=None, url=None, retries=None, backoff=None, ua_identity=None, session=None, proxies=None, vendor=None, product=None, build=None)[source]

The Container Security object is the primary interaction point for users to interface with Container Security via the pyTenable library. All of the API endpoint classes that have been written will be grafted onto this class.

Parameters:
  • access_key (str) – The user’s API access key for Tenable.io.
  • secret_key (str) – The user’s API secret key for Tenable.io.
  • url (str, optional) – The base URL that the paths will be appended onto. The default is https://cloud.tenable.com.
  • registry (str, optional) – The registry path to use for docker pushes. The default is registry.cloud.tenable.com.
  • retries (int, optional) – The number of retries to make before failing a request. The default is 3.
  • backoff (float, optional) – If a 429 response is returned, how much do we want to backoff if the response didn’t send a Retry-After header. The default backoff is 0.1 seconds.
get(path, **kwargs)

Initiates an HTTP GET request using the specified path. Refer to requests.request for more detailed information on what keyword arguments can be passed:

Parameters:
  • path (str) – The path to be appended onto the base URL for the request.
  • **kwargs (dict) – Keyword arguments to be passed to the Requests Sessions request method.
Returns:

requests.Response
post(path, **kwargs)

Initiates an HTTP POST request using the specified path. Refer to the requests.request for more detailed information on what keyword arguments can be passed:

Parameters:
  • path (str) – The path to be appented onto the base URL for the request.
  • **kwargs (dict) – Keyword arguments to be passed to the Requests Sessions request method.
Returns:

requests.Response
put(path, **kwargs)

Initiates an HTTP PUT request using the specified path. Refer to the requests.request for more detailed information on what keyword arguments can be passed:

Parameters:
  • path (str) – The path to be appended onto the base URL for the request.
  • **kwargs (dict) – Keyword arguments to be passed to the Requests Sessions request method.
Returns:

requests.Response
delete(path, **kwargs)

Initiates an HTTP DELETE request using the specified path. Refer to the requests.request for more detailed information on what keyword arguments can be passed:

Parameters:
  • path (str) – The path to be appended onto the base URL for the request.
  • **kwargs (dict) – Keyword arguments to be passed to the Requests Sessions request method.
Returns:

requests.Response