Tenable API Client (pyTenable)

1.9.1 · active · verified Thu Apr 16

pyTenable is the official Python library for interacting with Tenable's cybersecurity platforms, including Tenable.io and Tenable.sc. It provides a convenient, object-oriented interface to the various APIs, simplifying common tasks like vulnerability management, asset discovery, and compliance checks. The library is actively maintained, with frequent minor and patch releases to support new API features and address issues; its current version is 1.9.1.

Common errors

```
ModuleNotFoundError: No module named 'tenable.io'
```
cause The 'pytenable' library, which exposes the 'tenable' package, is not correctly installed or not available in the current Python environment.

fix Ensure `pytenable` is installed by running `pip install pytenable`. If you are using a virtual environment, ensure it is activated.
```
ModuleNotFoundError: No module named 'pytenable.io'
```
cause Incorrect import path. The primary client classes (like `TenableIO`) are exposed under the `tenable` package, not `pytenable`.

fix Change your import statement from `from pytenable.io import TenableIO` to `from tenable.io import TenableIO`.
```
tenable.errors.TenableAPIError: [401] Unauthorized
```
cause The provided Tenable API access key and secret key are either invalid, expired, or lack the necessary permissions for the requested operation.

fix Verify that your `TENABLE_ACCESS_KEY` and `TENABLE_SECRET_KEY` environment variables (or direct parameters) are correct and correspond to valid API keys with the required permissions in Tenable.io or Tenable.sc.
```
ImportError: cannot import name 'Schema' from 'marshmallow'
```
cause An incompatible version of the `marshmallow` library is installed. pyTenable versions currently require `marshmallow` less than 4.0.0.

fix Downgrade `marshmallow` to a compatible version using `pip install "marshmallow<4.0.0"`. It is highly recommended to use a virtual environment to manage dependencies and avoid conflicts.

Warnings

breaking pyTenable versions (currently 1.9.1 and earlier, from 1.7.5 onwards) explicitly require the `marshmallow` library to be less than version 4.0.0. If you have `marshmallow` v4.0.0 or higher installed, it will lead to `ImportError` exceptions.
Fix: Ensure `marshmallow` is installed at a version less than 4.0.0 (e.g., `pip install "marshmallow<4.0.0"`). It is recommended to use a virtual environment to manage dependencies and avoid conflicts.
gotcha Tenable's underlying APIs frequently evolve. While pyTenable aims to keep compatibility, older versions of the library might not support newly added endpoints or features, or could encounter unexpected behavior if existing endpoint parameters or response structures change significantly.
Fix: Regularly update pyTenable to the latest stable version to ensure compatibility with the most current Tenable APIs. Always review the changelog before updating to understand any potential impact on your existing code.
gotcha Many Tenable APIs return paginated results. pyTenable often provides generator-based iterators (e.g., `.list()`, `.pages()`, `.search()`) to efficiently retrieve all records without manually managing offsets. Directly accessing a client property (e.g., `tio.scans`) usually returns a client object for that API, not an iterable list of results.
Fix: For endpoints that support pagination, use the provided list/pages/search methods (e.g., `tio.scans.list()`, `tio.assets.pages()`, `tio.vulnerabilities.search()`) to retrieve iterable results.

Install

pip install pytenable Install pytenable

Imports

TenableIO
wrong:
```
from pytenable.io import TenableIO
```
correct:
```
from tenable.io import TenableIO
```
The primary client classes (e.g., TenableIO, TenableSC) are exposed under the 'tenable' package namespace, not 'pytenable'.
TenableSC
wrong:
```
from pytenable.sc import TenableSC
```
correct:
```
from tenable.sc import TenableSC
```
The primary client classes (e.g., TenableIO, TenableSC) are exposed under the 'tenable' package namespace, not 'pytenable'.

Quickstart

This quickstart initializes a Tenable.io client using environment variables for authentication and then lists all active scans. It demonstrates the basic structure for interacting with Tenable.io APIs through the `TenableIO` object.

import os
from tenable.io import TenableIO

# Ensure TENABLE_ACCESS_KEY and TENABLE_SECRET_KEY environment variables are set
access_key = os.environ.get('TENABLE_ACCESS_KEY', '')
secret_key = os.environ.get('TENABLE_SECRET_KEY', '')

if not access_key or not secret_key:
    print("Error: TENABLE_ACCESS_KEY and TENABLE_SECRET_KEY environment variables must be set.")
    exit(1)

tio = TenableIO(access_key, secret_key)

# Example: List active scans
try:
    print("Retrieving active scans...")
    scans = tio.scans.list()
    for scan in scans:
        print(f"Scan ID: {scan['id']}, Name: {scan['name']}, Status: {scan['status']}")
    
    if not scans:
        print("No active scans found.")

except Exception as e:
    print(f"An error occurred: {e}")

view raw JSON →