README
¶
go-tenable
Go SDK for the Tenable APIs.
| Package | Product | Documentation |
|---|---|---|
sc |
Tenable Security Center (on-prem) | SC Documentation → |
vm |
Tenable Vulnerability Management (cloud) | VM Documentation → |
platform |
Tenable Platform API | Platform Documentation → |
one |
Tenable One API | One Documentation → |
Zero external dependencies — built entirely on Go's standard library.
Installation
go get github.com/riza/go-tenable
Requires Go 1.21+.
Quick Start
Security Center
client := sc.NewClient("https://sc.example.com",
sc.WithAPIKey("access-key", "secret-key"),
)
scans, err := client.Scan.List(context.Background(), nil)
Vulnerability Management
client := vm.NewClient("https://cloud.tenable.com",
vm.WithAPIKey("access-key", "secret-key"),
)
assets, err := client.AssetsService.ListAssets(context.Background())
Tenable Platform API
client := platform.NewClient("https://cloud.tenable.com",
platform.WithAPIKey("access-key", "secret-key"),
)
users, err := client.UsersService.ListUsers(context.Background())
Tenable One API
client := one.NewClient("https://cloud.tenable.com",
one.WithAPIKey("access-key", "secret-key"),
)
paths, err := client.AttackPathService.SearchAttackPaths(context.Background(), &one.APASearchAttackPathsRequest{
Limit: 10,
})
For full examples, authentication options, error handling, and service listings see:
- SC Documentation — Authentication, services list (~85), error handling, examples
- VM Documentation — Authentication, services list (23), error handling, examples
- Platform Documentation — Authentication, services list, error handling, examples
- One Documentation — Authentication, services list, error handling, examples
Testing
Unit Tests
go test ./...
Integration Tests
Integration tests run against live Tenable API instances. They are gated behind the integration build tag and will skip automatically if credentials are not configured.
# Set credentials for the packages you want to test
export TENABLE_SC_URL=https://sc.example.com
export TENABLE_SC_ACCESS_KEY=xxx
export TENABLE_SC_SECRET_KEY=yyy
export TENABLE_VM_URL=https://cloud.tenable.com
export TENABLE_VM_ACCESS_KEY=xxx
export TENABLE_VM_SECRET_KEY=yyy
export TENABLE_PLATFORM_URL=https://cloud.tenable.com
export TENABLE_PLATFORM_ACCESS_KEY=xxx
export TENABLE_PLATFORM_SECRET_KEY=yyy
export TENABLE_ONE_URL=https://cloud.tenable.com
export TENABLE_ONE_ACCESS_KEY=xxx
export TENABLE_ONE_SECRET_KEY=yyy
# Run integration tests
go test -tags=integration ./...
Or use the Makefile target:
TENABLE_SC_URL=https://sc.example.com TENABLE_SC_ACCESS_KEY=xxx TENABLE_SC_SECRET_KEY=yyy \
make test-integration
Examples
Runnable examples are in the examples/ directory:
| Area | Examples |
|---|---|
| SC | scheduled-scans |
| VM | list-assets, list-scans, stop-scan |
| Platform | list-groups |
| One | search-attack-paths, inventory-search, tags-search, export-assets, exposure-cards |
# SC — List scheduled scans
SC_URL=https://sc.example.com SC_ACCESS_KEY=xxx SC_SECRET_KEY=yyy \
go run ./examples/sc/scheduled-scans/
# VM — List assets
VM_URL=https://cloud.tenable.com VM_ACCESS_KEY=xxx VM_SECRET_KEY=yyy \
go run ./examples/vm/list-assets/
# VM — List scans
VM_URL=https://cloud.tenable.com VM_ACCESS_KEY=xxx VM_SECRET_KEY=yyy \
go run ./examples/vm/list-scans/
# VM — Stop scan
VM_URL=https://cloud.tenable.com VM_ACCESS_KEY=xxx VM_SECRET_KEY=yyy \
go run ./examples/vm/stop-scan/
# Platform — List groups
PLATFORM_URL=https://cloud.tenable.com PLATFORM_ACCESS_KEY=xxx PLATFORM_SECRET_KEY=yyy \
go run ./examples/platform/list-groups/
# One — Search attack paths
ONE_URL=https://cloud.tenable.com ONE_ACCESS_KEY=xxx ONE_SECRET_KEY=yyy \
go run ./examples/one/search-attack-paths/
# One — Inventory search
ONE_URL=https://cloud.tenable.com ONE_ACCESS_KEY=xxx ONE_SECRET_KEY=yyy \
go run ./examples/one/inventory-search/
# One — Tags search
ONE_URL=https://cloud.tenable.com ONE_ACCESS_KEY=xxx ONE_SECRET_KEY=yyy \
go run ./examples/one/tags-search/
# One — Export assets
ONE_URL=https://cloud.tenable.com ONE_ACCESS_KEY=xxx ONE_SECRET_KEY=yyy \
go run ./examples/one/export-assets/
# One — Exposure cards
ONE_URL=https://cloud.tenable.com ONE_ACCESS_KEY=xxx ONE_SECRET_KEY=yyy \
go run ./examples/one/exposure-cards/
Project Structure
go-tenable/
├── sc/ # Tenable Security Center SDK
├── vm/ # Tenable Vulnerability Management SDK
├── platform/ # Tenable Platform API SDK
├── one/ # Tenable One API SDK
├── examples/ # Runnable usage examples
├── doc/ # Documentation
│ ├── SC.md # SC package guide
│ ├── VM.md # VM package guide
│ ├── PLATFORM.md # Platform API package guide
│ └── ONE.md # One API package guide
├── go.mod
├── LICENSE
├── CONTRIBUTING.md
└── Makefile
Roadmap
- Typed fields — Replace
interface{}fields with proper Go structs - Pagination helpers — Iterator utilities for list endpoints
- Rate limiting — Configurable rate limiter
- Retry with backoff — Automatic retry for transient errors
- Unified client — Top-level
tenable.Clienttargeting both SC and VM
Contributing
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
License
This project is licensed under the MIT License — see LICENSE for details.
Documentation
¶
Overview ¶
Package tenable provides Go SDK packages for the Tenable platform APIs.
The SDK is organized into sub-packages, each targeting a specific Tenable product:
- github.com/riza/go-tenable/sc — Tenable Security Center (on-prem)
- github.com/riza/go-tenable/vm — Tenable Vulnerability Management (cloud)
- github.com/riza/go-tenable/platform — Tenable Platform API (access control, agents, scanners, etc.)
- github.com/riza/go-tenable/one — Tenable One API (Attack Path, Exposure View, Inventory, Exports)
All packages follow the same design pattern: create a [Client] with authentication options, then call methods on the service fields.
Zero external dependencies — built entirely on Go's standard library.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
examples
|
|
|
one/export-assets
command
Export inventory assets from Tenable One.
|
Export inventory assets from Tenable One. |
|
one/exposure-cards
command
View Exposure Cards from Tenable One.
|
View Exposure Cards from Tenable One. |
|
one/inventory-search
command
Search inventory assets from Tenable One.
|
Search inventory assets from Tenable One. |
|
one/search-attack-paths
command
Search attack paths from Tenable One.
|
Search attack paths from Tenable One. |
|
one/tags-search
command
Search and manage tags in Tenable One.
|
Search and manage tags in Tenable One. |
|
platform/list-groups
command
List groups and users from Tenable Platform API.
|
List groups and users from Tenable Platform API. |
|
sc/scheduled-scans
command
List all scheduled scans from Tenable Security Center.
|
List all scheduled scans from Tenable Security Center. |
|
vm/assets-by-tag
command
Fetch all assets belonging to a specific Tenable tag using the VM Export API.
|
Fetch all assets belonging to a specific Tenable tag using the VM Export API. |
|
vm/list-assets
command
List all assets from Tenable Vulnerability Management.
|
List all assets from Tenable Vulnerability Management. |
|
vm/list-scans
command
|
|
|
vm/stop-scan
command
|
|
|
Package one provides a Go client for the Tenable One API.
|
Package one provides a Go client for the Tenable One API. |
|
Package platform provides a Go client for the Tenable Platform API.
|
Package platform provides a Go client for the Tenable Platform API. |
|
Package sc provides a Go client for the Tenable Security Center REST API.
|
Package sc provides a Go client for the Tenable Security Center REST API. |
|
Package vm provides a Go client for the Tenable Vulnerability Management (cloud) REST API.
|
Package vm provides a Go client for the Tenable Vulnerability Management (cloud) REST API. |
Click to show internal directories.
Click to hide internal directories.