qualys-cli 0.1.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,319 @@
1
+ Metadata-Version: 2.4
2
+ Name: qualys-cli
3
+ Version: 0.1.1
4
+ Summary: Command-line interface for the Qualys REST APIs (VM, PC, PM, ETM, WAS, TC, CA, CS, CSAM, Sub, Asset, User).
5
+ Project-URL: Homepage, https://github.com/qualys/qualys-cli
6
+ Project-URL: Documentation, https://github.com/qualys/qualys-cli#readme
7
+ Project-URL: Issues, https://github.com/qualys/qualys-cli/issues
8
+ Project-URL: Changelog, https://github.com/qualys/qualys-cli/blob/main/CHANGELOG.md
9
+ Author: qualys-cli contributors
10
+ License: MIT License
11
+
12
+ Copyright (c) 2026 qualys-cli contributors
13
+
14
+ Permission is hereby granted, free of charge, to any person obtaining a copy
15
+ of this software and associated documentation files (the "Software"), to deal
16
+ in the Software without restriction, including without limitation the rights
17
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
18
+ copies of the Software, and to permit persons to whom the Software is
19
+ furnished to do so, subject to the following conditions:
20
+
21
+ The above copyright notice and this permission notice shall be included in all
22
+ copies or substantial portions of the Software.
23
+
24
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
25
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
26
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
27
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
28
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
29
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30
+ SOFTWARE.
31
+ License-File: LICENSE
32
+ Keywords: cli,cspm,patch-management,qualys,security,vm,vulnerability-management
33
+ Classifier: Development Status :: 4 - Beta
34
+ Classifier: Environment :: Console
35
+ Classifier: Intended Audience :: Information Technology
36
+ Classifier: Intended Audience :: System Administrators
37
+ Classifier: License :: OSI Approved :: MIT License
38
+ Classifier: Operating System :: MacOS
39
+ Classifier: Operating System :: Microsoft :: Windows
40
+ Classifier: Operating System :: POSIX
41
+ Classifier: Programming Language :: Python :: 3
42
+ Classifier: Programming Language :: Python :: 3 :: Only
43
+ Classifier: Programming Language :: Python :: 3.11
44
+ Classifier: Programming Language :: Python :: 3.12
45
+ Classifier: Programming Language :: Python :: 3.13
46
+ Classifier: Topic :: Security
47
+ Classifier: Topic :: System :: Systems Administration
48
+ Classifier: Topic :: Utilities
49
+ Requires-Python: >=3.11
50
+ Requires-Dist: brotli>=1.1
51
+ Requires-Dist: click>=8.1
52
+ Requires-Dist: httpx>=0.27
53
+ Requires-Dist: keyring>=24
54
+ Requires-Dist: pyyaml>=6
55
+ Requires-Dist: rich>=13
56
+ Requires-Dist: typer<0.26,>=0.12
57
+ Requires-Dist: xmltodict>=0.13
58
+ Requires-Dist: zstandard>=0.22
59
+ Provides-Extra: codegen
60
+ Requires-Dist: anthropic>=0.30; extra == 'codegen'
61
+ Requires-Dist: defusedxml>=0.7; extra == 'codegen'
62
+ Requires-Dist: pydantic>=2; extra == 'codegen'
63
+ Requires-Dist: pypdf>=4; extra == 'codegen'
64
+ Requires-Dist: selectolax>=0.3; extra == 'codegen'
65
+ Requires-Dist: trafilatura>=1.9; extra == 'codegen'
66
+ Description-Content-Type: text/markdown
67
+
68
+ # qualys-cli
69
+
70
+ [![CI](https://github.com/qualys/qualys-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/qualys/qualys-cli/actions/workflows/ci.yml)
71
+ [![PyPI](https://img.shields.io/pypi/v/qualys-cli.svg)](https://pypi.org/project/qualys-cli/)
72
+ [![Python](https://img.shields.io/pypi/pyversions/qualys-cli.svg)](https://pypi.org/project/qualys-cli/)
73
+ [![License](https://img.shields.io/pypi/l/qualys-cli.svg)](LICENSE)
74
+
75
+ A unified command-line interface for the Qualys REST APIs — covering VM, PC,
76
+ Patch Management, ETM, WAS, TotalCloud (TC), Cloud Agent (CA), Container
77
+ Security (CS), CSAM, Subscription, Asset, and User management. Rich table
78
+ output, JSON / YAML / JSONL export, automatic retry with backoff, JWT auto-
79
+ refresh, OS-keyring credential storage, and a clean machine-readable mode for
80
+ scripting and AI agents.
81
+
82
+ ```text
83
+ ╭─────────────────────────────────────────────────╮
84
+ │ qualys-cli · 273 endpoints, one CLI │
85
+ │ vm · pc · pm · etm · was · tc · ca · cs │
86
+ │ csam · sub · asset · user · scanauth │
87
+ ╰─────────────────────────────────────────────────╯
88
+ ```
89
+
90
+ ## Install
91
+
92
+ ```bash
93
+ # End user (recommended)
94
+ pipx install qualys-cli
95
+
96
+ # Or from source
97
+ pipx install git+https://github.com/qualys/qualys-cli
98
+
99
+ # Development
100
+ git clone https://github.com/qualys/qualys-cli && cd qualys-cli
101
+ uv sync
102
+ uv run qualys-cli --help
103
+ ```
104
+
105
+ Python 3.11+ required. Works on macOS, Linux, and Windows.
106
+
107
+ ## Quick start
108
+
109
+ ```bash
110
+ # 1. Configure credentials (interactive — password stored in OS keyring)
111
+ qualys-cli configure
112
+
113
+ # 2. Run any command
114
+ qualys-cli vm host list --limit 10
115
+ qualys-cli was webapp list
116
+ qualys-cli pm job list --format json
117
+ ```
118
+
119
+ ### Non-interactive setup (CI / Docker)
120
+
121
+ ```bash
122
+ qualys-cli configure \
123
+ --url https://qualysapi.qualys.com \
124
+ --username "$QUALYS_USERNAME" \
125
+ --password "$QUALYS_PASSWORD" \
126
+ --output-mode agentic
127
+ ```
128
+
129
+ Credentials resolve in this priority order:
130
+ 1. `QUALYS_URL` / `QUALYS_USERNAME` / `QUALYS_PASSWORD` / `QUALYS_TOKEN` env vars
131
+ 2. OS keyring (per-profile entry)
132
+ 3. `~/.config/qualys-cli/config.toml`
133
+
134
+ Multiple profiles via `--profile <name>` or `QUALYS_PROFILE`. List with `qualys-cli profiles`.
135
+
136
+ ## Output modes
137
+
138
+ The CLI has two top-level modes that govern the *default* output style:
139
+
140
+ | Mode | Default output | Spinners / colours | Use case |
141
+ |---------------|---------------------------------|--------------------|------------------------------|
142
+ | `interactive` | Rich table (first 25 rows) | Yes | Humans in a terminal |
143
+ | `agentic` | JSON, no decoration | No | Scripts, pipelines, AI agents |
144
+
145
+ Switch the persistent default for a profile:
146
+
147
+ ```bash
148
+ qualys-cli mode # show current
149
+ qualys-cli mode agentic # set agentic
150
+ qualys-cli mode interactive # set interactive
151
+ ```
152
+
153
+ Or set per-shell with `export QUALYS_OUTPUT_MODE=agentic`.
154
+
155
+ ### Per-command output flags
156
+
157
+ These work on every command and override the mode default:
158
+
159
+ | Flag | Behaviour |
160
+ |-------------------------------|----------------------------------------------------------------|
161
+ | `--format json` | Full JSON to stdout |
162
+ | `--format jsonl` | One flattened JSON object per line (JSON Lines / NDJSON) |
163
+ | `--format yaml` | YAML to stdout |
164
+ | `--format table` | Rich table (forced) |
165
+ | `--limit 0` | Remove the default 25-row cap |
166
+ | `--output-file results.json` | Dump full data to file (extension picks JSON or YAML) |
167
+ | `-v`, `-vv` | Log requests (and response sizes); secrets never logged |
168
+
169
+ ## Examples by module
170
+
171
+ ### VM (Vulnerability Management)
172
+ ```bash
173
+ qualys-cli vm host list --ips 10.0.0.0/24
174
+ qualys-cli vm host detection --ips 10.0.0.0/24
175
+ qualys-cli vm scan launch --title "Weekly" --ip 10.0.1.0/24 --option-id 12345
176
+ qualys-cli vm scan fetch SCAN-REF-123 --output-file results.json
177
+ ```
178
+
179
+ ### Patch Management (PM)
180
+ ```bash
181
+ qualys-cli pm job list --format json
182
+ qualys-cli pm job create --name "Critical patches" \
183
+ --patch-ids "12345,67890" --asset-group-ids "AG-1"
184
+ qualys-cli pm patch list --severity Critical
185
+ ```
186
+
187
+ ### Web Application Scanning (WAS)
188
+ ```bash
189
+ qualys-cli was webapp list --name "prod"
190
+ qualys-cli was webapp get 12345
191
+ qualys-cli was scan launch --webapp-id 12345 --name "Nightly WAS"
192
+ qualys-cli was finding list --webapp-id 12345 --severity 5
193
+ qualys-cli was report download 99999 --output-file was-report.pdf
194
+ ```
195
+
196
+ ### TotalCloud (TC) — CSPM
197
+ ```bash
198
+ qualys-cli tc connector list --provider AWS
199
+ qualys-cli tc evaluation list --provider AWS --account-id 123456789012
200
+ qualys-cli tc rule list --cloud-type AWS --rule-type simple_alert
201
+ qualys-cli tc exception list
202
+ ```
203
+
204
+ ### Cloud Agent (CA), Container Security (CS), CSAM
205
+ ```bash
206
+ qualys-cli ca agent list --status Active
207
+ qualys-cli ca actkey create --title "Linux Prod" --modules VM,PC
208
+
209
+ qualys-cli cs image list --filter "vulns.severity5Count:>0"
210
+ qualys-cli cs image get <sha>
211
+ qualys-cli cs container list --severity Critical
212
+
213
+ qualys-cli csam asset list --updated-after 2026-01-01T00:00Z
214
+ qualys-cli csam vuln list-easm --filter "vulnerability.cvss=GREATER=7"
215
+ ```
216
+
217
+ ### Subscription, Asset, User
218
+ ```bash
219
+ qualys-cli sub info
220
+ qualys-cli sub export --output-file sub-backup.xml
221
+ qualys-cli asset ip add --ips 10.0.0.0/24 --tracking-method IP
222
+ qualys-cli user create --username jdoe --first-name Jane --last-name Doe \
223
+ --email jane@example.com --user-role scanner
224
+ ```
225
+
226
+ Tip: append `--help` to any command (e.g. `qualys-cli was scan launch --help`)
227
+ for the full flag set.
228
+
229
+ ## Documentation
230
+
231
+ A comprehensive usage reference with all 273 endpoints is included in the package:
232
+ - **Source install**: `docs/usage.html` in the repository
233
+ - **Pip install**: Located in your Python environment's `share/qualys-cli/docs/usage.html`
234
+
235
+ To find it after installation:
236
+ ```bash
237
+ python -c "import sys; print(sys.prefix + '/share/qualys-cli/docs/usage.html')"
238
+ ```
239
+
240
+ ## LLM / agent usage
241
+
242
+ The CLI is built to be safe to drive from a script or an AI agent:
243
+
244
+ ```bash
245
+ # JSON output (set agentic mode persistently, or use --format json per call)
246
+ qualys-cli mode agentic
247
+ qualys-cli vm host list | jq '.HOST_LIST_OUTPUT.RESPONSE.HOST_LIST'
248
+
249
+ # JSON Lines — one record per line, ideal for streaming
250
+ qualys-cli pm job list --format jsonl | jq -r '.id'
251
+
252
+ # Errors emitted as JSON on stderr when stderr is not a TTY
253
+ qualys-cli --profile nonexistent vm host list 2>/tmp/err.json
254
+ # {"error": "No username for profile 'nonexistent'...", "type": "configuration_error"}
255
+ ```
256
+
257
+ **Behaviour contract for agents:**
258
+ - `stdout` contains only data (JSON / JSONL / YAML / table text).
259
+ - `stderr` carries status, spinners, and human-readable errors. All decoration
260
+ is suppressed when stderr is not a TTY.
261
+ - Exit code `0` = success, `1` = any error.
262
+ - When stderr is not a TTY, errors are emitted as
263
+ `{"error": "...", "type": "..."}` JSON.
264
+
265
+ ## Authentication
266
+
267
+ | Module group | Auth | Endpoint family |
268
+ |----------------------------------------------|-------------|----------------------------------|
269
+ | VM, PC, Asset, User, ScanAuth, Sub, WAS | HTTP Basic | `/api/2.0/fo/`, `/qps/rest/` |
270
+ | TC, PM, ETM, CS, CSAM | JWT Bearer | API gateway (`/csapi/`, `/etm/`) |
271
+ | CA agent ops | HTTP Basic | `/qps/rest/` |
272
+ | CA activation-key / config | JWT Bearer | `/caui/v1/` |
273
+
274
+ JWT tokens are fetched via `POST /auth`, cached in `config.toml`, and
275
+ auto-refreshed on 401.
276
+
277
+ ## Development
278
+
279
+ ```bash
280
+ uv sync
281
+ uv run pytest # tests
282
+ uv run ruff check src/ # lint
283
+ uv run mypy src/ # type check
284
+ uv run qualys-cli --help # smoke
285
+ uv build # build sdist + wheel into dist/
286
+ ```
287
+
288
+ ### Regenerating commands from Qualys docs
289
+
290
+ The codegen pipeline is opt-in via the `codegen` extra (it pulls in
291
+ `anthropic`, `trafilatura`, `selectolax`, `pypdf`):
292
+
293
+ ```bash
294
+ uv sync --extra codegen
295
+ export ANTHROPIC_API_KEY=sk-ant-...
296
+ uv run scripts/ingest_docs.py # cache HTML pages
297
+ uv run scripts/extract_endpoints.py # LLM extraction → api-model.json
298
+ uv run scripts/generate_commands.py # regenerate commands/*.py
299
+ ```
300
+
301
+ Generated files are marked with `# Auto-generated from api-model.json` and are
302
+ safe to overwrite. Files without that header are treated as hand-edited and
303
+ left alone.
304
+
305
+ ## Releasing
306
+
307
+ Releases are published to PyPI by GitHub Actions on a tag push:
308
+
309
+ ```bash
310
+ # Bump version in pyproject.toml, update CHANGELOG.md, commit
311
+ git tag v0.1.1 && git push --tags
312
+ ```
313
+
314
+ PyPI publishing uses Trusted Publishing (OIDC) — no API token is stored.
315
+ Configure once at https://pypi.org/manage/project/qualys-cli/settings/publishing/.
316
+
317
+ ## License
318
+
319
+ [MIT](LICENSE)
@@ -0,0 +1,37 @@
1
+ qualys_cli/__init__.py,sha256=kUR5RAFc7HCeiqdlX36dZOHkUI5wI6V_43RpEcD8b-0,22
2
+ qualys_cli/__main__.py,sha256=JcKCCf0pDHy9rGeoenyn1Ivxsgqi9XYy6JpT5Z9SY00,213
3
+ qualys_cli/audit.py,sha256=bKWNqHOfPZCLRZp5ujcsvO5uSxg74EMZjo-aIwqvHuI,21497
4
+ qualys_cli/auth.py,sha256=3WI7RLhaD9OXWKCgEbE3B_oatalR9zOJ4-SaNpOHLpk,6906
5
+ qualys_cli/cache.py,sha256=oMmh9P2eZQWxw_O-0_hZ5madyVh03RCFSIrSMLCGw0w,3604
6
+ qualys_cli/cli.py,sha256=nrs0eYXPl0O_VelmhcVkSSceBpNzS4OQ8yoL6XJrZAs,45525
7
+ qualys_cli/client.py,sha256=5uH6gFvmkI_S_YpRkHjzv4OuUFxu7wHY25PJW1oRftg,40875
8
+ qualys_cli/config.py,sha256=lJhetjUyOa8YwmfROpK4zKxfHSQRO2mWdIXxz8vG6Xg,11568
9
+ qualys_cli/extras.py,sha256=Z0vbLaZuXPLuatYTOv0BzwUzpr8ZdOTsiG149CwRarE,27923
10
+ qualys_cli/flair.py,sha256=7FiYAVgznHsF2JRHBcBpZlNjg4Rq2SZvD4K68eQB3Mk,5461
11
+ qualys_cli/formatters.py,sha256=BuckH033AO_q8pXwm5rZ0_Fvy_eikZa3ZGv3DNtWNTQ,31243
12
+ qualys_cli/history.py,sha256=6pQx9O2Myl4LcV-kODzDTLIejZCkX_eABuyo-XTUv6Q,4378
13
+ qualys_cli/http_server.py,sha256=7g4rkgGNE04D09oPE7Lj5kOUoVrUUM3fHnnx_N-FvO0,5890
14
+ qualys_cli/mcp_server.py,sha256=VtHPs6Udvkh0FwsZLKXroI6wMWlFNa1xmowe1Omb9zM,12938
15
+ qualys_cli/metrics.py,sha256=RU7gO7T39UEhVoShnvZH9rk4NY0dxTiWC7fdlhVP1Xw,3496
16
+ qualys_cli/platforms.py,sha256=3e-YmLJHPI8oH4P9MCquho3596UcHKDwlDmtzgeTIqM,3224
17
+ qualys_cli/queries.py,sha256=_Vphbhmeo4FI3muEF57rRBPJ2rFEbP03fTVCQ47_Qy8,4871
18
+ qualys_cli/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
19
+ qualys_cli/commands/asset.py,sha256=KZOURVTpm0zIh2BD-TxKNKSCNvuE5_SwMAZKSjUdtdE,7002
20
+ qualys_cli/commands/ca.py,sha256=QUHEuUGEWfUm-iLAfrMrjh4_gXR0AGV-Lpui_ROzIxQ,16885
21
+ qualys_cli/commands/cs.py,sha256=txFb7kNz_zcM0JPcQ-hMNtzMpTjFhZo-QiQByrOcJ7c,18806
22
+ qualys_cli/commands/csam.py,sha256=t27ju-oOSPYhHGYS9NzyBgI4ajFToKGHWGay44S8sUg,33081
23
+ qualys_cli/commands/etm.py,sha256=JK-50daNN0TMzloVcKZHjVczqC4Y8Pa_yjkb5bRxuSw,7098
24
+ qualys_cli/commands/pc.py,sha256=kY9EsLHsOMDN0u1ORaUfwdhwYtyTB_n4vjAsPgFoI-M,10672
25
+ qualys_cli/commands/pm.py,sha256=fVV42coKPizkdEQF1kamJS3SU7dkkKFEWQElAAbB_UM,17349
26
+ qualys_cli/commands/scanauth.py,sha256=qyH_y-mmyHzqadXQsgc8o6DUygU5lhKSkv_LpV-BfPI,12479
27
+ qualys_cli/commands/sub.py,sha256=nduho5lb1IzbYtQh2boACEWu61eyrhzhtjVNR7p7ONU,6373
28
+ qualys_cli/commands/tc.py,sha256=bjcnHZkNM_AvlAoX8xNn4Dh47OZmRA-2FaU7QIublPQ,22829
29
+ qualys_cli/commands/user.py,sha256=JxiSZ2pLvlVN4EjTDKvNSHsmmUtgO8qnW_ghSeLMyCU,4299
30
+ qualys_cli/commands/vm.py,sha256=ArbNywyoMxcQ_3daxOtJamHrI_lkmubXRPwZi7neIMI,23696
31
+ qualys_cli/commands/was.py,sha256=0JK-hSDaArrQiqeo1c1E2xDICXvvChOmTPf5nypCA4c,50717
32
+ qualys_cli-0.1.1.data/data/share/qualys-cli/docs/usage.html,sha256=drjMfohgWISQoPjiwBThftFXXUrNBxKen_WDT9Pjrtw,655941
33
+ qualys_cli-0.1.1.dist-info/METADATA,sha256=PUdht3v-vDlx6i0Rb8nXGbpsQ8LbetwRPQJVrDVgin8,12563
34
+ qualys_cli-0.1.1.dist-info/WHEEL,sha256=lCkmxWfQsSc9CfIClYeavTdQeEX2toPqufh9gI35EQA,87
35
+ qualys_cli-0.1.1.dist-info/entry_points.txt,sha256=TI_z7txhxW0GYPLixu797-w_-nQ_kCPdIjcuPogBp0A,51
36
+ qualys_cli-0.1.1.dist-info/licenses/LICENSE,sha256=Vs-y16X1Kz8pxGJ9Uy54ykGaLME6hetRYI6wajCS7Zs,1080
37
+ qualys_cli-0.1.1.dist-info/RECORD,,
@@ -0,0 +1,4 @@
1
+ Wheel-Version: 1.0
2
+ Generator: hatchling 1.31.0
3
+ Root-Is-Purelib: true
4
+ Tag: py3-none-any
@@ -0,0 +1,2 @@
1
+ [console_scripts]
2
+ qualys-cli = qualys_cli.cli:main
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 qualys-cli contributors
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.