Updated GH Action Workflows

.actrc

@@ -1 +1,2 @@
 -P ubuntu-latest=catthehacker/ubuntu:act-latest
+--secret-file .env

.github/workflows/deploy.yml

@@ -8,31 +8,24 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
         with:
-          python-version: 3.12
-      - uses: astral-sh/setup-uv@v4
+          python-version: "3.12"
+      - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b
+      - uses: extractions/setup-just@v4
       - uses: snyk/actions/setup@master
 
       - name: Build package
         run: uv build
 
-      - name: Export requirements for Snyk
-        run: |
-          uv pip compile pyproject.toml -o requirements.txt
-          pip3 install -r requirements.txt
-
-      - name: Snyk Scan
-        uses: snyk/actions/python-3.12@master
+      - name: Snyk Scans
+        run: just snyk
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --severity-threshold=high
 
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@v1.13.0
-        with:
-          skip_existing: true
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
+        run: uv publish
+        env:
+          UV_PUBLISH_USERNAME: __token__
+          UV_PUBLISH_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}

.github/workflows/snyk_main.yml

@@ -1,4 +1,4 @@
-name: Testing Pipeline
+name: Security Testing Pipeline
 
 on:
   push:
@@ -10,27 +10,19 @@ jobs:
   security_tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
         with:
-          python-version: "3.10"
-      - uses: astral-sh/setup-uv@v4
+          python-version: "3.12"
+      - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b
+      - uses: snyk/actions/setup@master
+      - uses: extractions/setup-just@v4
 
-      - name: Run pip-audit
-        run: |
-          uv export --format requirements-txt | uv tool run pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph
-
-      - name: Run Bandit code auditor
-        run: uv tool run --with "bandit[toml,baseline,sarif]" bandit -c pyproject.toml -r . -ll
-
-      - name: Export & Install requirements to run Snyk
-        run: |
-          uv pip compile pyproject.toml -o requirements.txt
-          pip3 install -r requirements.txt
+      - name: OSS Security Audits
+        run: just audit
 
       - name: Snyk Scan
-        uses: snyk/actions/python-3.12@master
+        run: just snyk
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --severity-threshold=high
+          SNYK_CFG_ORG: ${{ secrets.SNYK_CFG_ORG }}

.github/workflows/testing.yml

@@ -18,23 +18,15 @@ jobs:
           - "3.14"
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: astral-sh/setup-uv@v4
+      - uses: actions/checkout@v6
+      - uses: extractions/setup-just@v4
+      - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b
         with:
           python-version: ${{ matrix.python-version }}
-
-      - name: Install dependencies
-        run: uv sync --all-extras --dev
-
-      - name: Run code linting
-        run: uv run ruff check tenable --exit-zero
-
-      - name: Run unit tests
-        run: |
-          uv run pytest \
-            --vcr-record=none \
-            --cov-report=xml:coverage.xml \
-            --cov-fail-under=95
+      - name: "Code Formating and Linting"
+        run: just lint $UV_PYTHON
+      - name: "Unit Testing"
+        run: just unit-tests $UV_PYTHON
 
   code-assessments:
     runs-on: ubuntu-latest
@@ -43,8 +35,6 @@ jobs:
       - uses: astral-sh/setup-uv@v4
         with:
           python-version: "3.12"
-      - name: Run pip-audit
-        run: uv export --format requirements-txt | uv tool run pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph
-
-      - name: Run Bandit code auditor
-        run: uv tool run --with "bandit[toml,baseline,sarif]" bandit -c pyproject.toml -r . -ll
+      - uses: extractions/setup-just@v4
+      - name: "Code Audits"
+        run: just audit

.gitignore

@@ -8,6 +8,7 @@ docs/source/tenable*.rst
 .pytest_cache
 *.json
 *.log
+.env
 .coverage
 /test_certs
 .python-version
@@ -25,4 +26,4 @@ Jenkinsfile
 .idea
 /dist
 sync_job_example_run.py
-__MACOSX
+__MACOSX

.snyk

@@ -1,10 +1,35 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.22.1
+version: v1.25.1
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
+  SNYK-PYTHON-URLLIB3-10390194:
+    - '*':
+        reason: 'Module not effected, old version only used in testing pipeline'
+        expires: 2027-12-31T00:00:00.000Z
+        created: 2026-05-27T18:41:30.153Z
+  SNYK-PYTHON-URLLIB3-14896210:
+    - '*':
+        reason: 'Module not effected, old version only used in testing pipeline'
+        expires: 2027-12-31T00:00:00.000Z
+        created: 2026-05-27T18:41:54.905Z
+  SNYK-PYTHON-URLLIB3-14192442:
+    - '*':
+        reason: 'Module not effected, old version only used in testing pipeline'
+        expires: 2027-12-31T00:00:00.000Z
+        created: 2026-05-27T18:42:23.245Z
+  SNYK-PYTHON-URLLIB3-16642024:
+    - '*':
+        reason: 'Module not effected, old version only used in testing pipeline'
+        expires: 2027-12-31T00:00:00.000Z
+        created: 2026-05-27T18:42:45.102Z
+  SNYK-PYTHON-URLLIB3-14192443:
+    - '*':
+        reason: 'Module not effected, old version only used in testing pipeline'
+        expires: 2027-12-31T00:00:00.000Z
+        created: 2026-05-27T18:43:01.790Z
   'snyk:lic:pip:certifi:MPL-2.0':
     - '*':
-        reason: Requests Library License
-        expires: 2029-12-31T00:00:00.000Z
-        created: 2021-10-25T22:36:54.046Z
+        reason: Requests License
+        expires: 2027-12-31T00:00:00.000Z
+        created: 2026-05-27T19:37:21.257Z
 patch: {}

Justfile

@@ -1,4 +1,8 @@
 pkg_folder := "tenable"
+repo := "https://github.com/tenable/pyTenable"
+snyk_org := "pytenable"
+snyk_args := "--org='" + snyk_org + "' --remote-repo-url='" + repo + "'"
+name := "pyTenable"
 
 
 [parallel]
@@ -10,15 +14,32 @@ docs:
     sphinx-build -M clean docs docs/_build
     sphinx-build -M html docs docs/_build
 
-test-py version: (lint version) (unit-tests version) #audit
+test-py version: (lint version) (unit-tests version) audit
 
 lint version:
-    uv run --python {{version}} --isolated --group dev mypy {{pkg_folder}}
-    uv run --python {{version}} --isolated --group dev ty check {{pkg_folder}}
-    uv run --python {{version}} --isolated --group dev ruff check {{pkg_folder}}
+    #uv run --python {{version}} --isolated --group dev mypy {{pkg_folder}}
+    #uv run --python {{version}} --isolated --group dev ty check {{pkg_folder}}
+    uv run --python {{ version }} --isolated --group dev ruff check {{ pkg_folder }}
 
 unit-tests version:
-    uv run --python {{version}} --isolated --group dev pytest -q --cov-fail-under 80
+    uv run --python {{ version }} --isolated --group dev pytest -q --cov-fail-under 80
 
 audit:
-    uv audit --no-group test --no-group dev --no-group docs
+    # urllib3 1.x issues relating to the requirement
+    # to install <2 for the development pipeline as
+    # it relies on pytest-vcr and a lot of old VCR
+    # recordings that break in newer versions. These
+    # should be removed once the VCR requirement is
+    # no longer necessary.
+    uv audit -U --no-group test --no-group dev --no-group docs \
+        --ignore GHSA-2xpw-w6gg-jr37 \
+        --ignore GHSA-38jv-5279-wg99 \
+        --ignore GHSA-gm62-xv2j-4w53 \
+        --ignore GHSA-pq67-6m6q-mj2v \
+        --ignore GHSA-qccp-gfcp-xxvc \
+        --ignore PYSEC-2026-141
+    uv tool run --with "bandit[toml,baseline,sarif]" bandit -c pyproject.toml -r . -ll
+
+snyk:
+    snyk monitor {{ snyk_args }}
+    snyk code test {{ snyk_args }} --severity-threshold=high --project-name="Code Analysis" --report {{ pkg_folder }}

pyproject.toml

@@ -136,7 +136,6 @@ dev = [
     "mock>=5.1.0",
     "pytest-cov>=4.1.0",
     "pytest-datafiles>=3.0.0",
-    "pytest-vcr>=1.0.2",
     "pytest>=8,<9",
     "responses>=0.23.3",
     "ruff>=0.6.4",
@@ -146,4 +145,5 @@ dev = [
     "typer>=0.20.0",
     "mypy>=1.18.2",
     "rust-just>=1.51.0",
+    "pytest-vcr>=1.0.2",
 ]

tenable/io/tags.py

@@ -573,10 +573,7 @@ def edit(
             payload['filters'] = current['filters']
 
         return self._api.put(
-            'tags/values/{}'.format(
-                scrub(self._check('tag_value_uuid', tag_value_uuid, 'uuid')),
-                json=payload,
-            )
+            f'tags/values/{scrub(tag_value_uuid)}', json=payload
         ).json()
 
     def edit_category(self, tag_category_uuid, name=None, description=None):
@@ -606,10 +603,7 @@ def edit_category(self, tag_category_uuid, name=None, description=None):
         if description:
             payload['description'] = self._check('description', description, str)
         return self._api.put(
-            'tags/categories/{}'.format(
-                scrub(self._check('tag_category_uuid', tag_category_uuid, 'uuid')),
-                json=payload,
-            )
+            f'tags/categories/{scrub(tag_category_uuid)}', json=payload
         ).json()
 
     def _tag_list_constructor(self, filters, filterdefs, filter_type, sort):

tenable/version.py

@@ -1,2 +1,2 @@
-version = '26.05.01'
+version = '26.6.1'
 version_info = tuple(int(d) for d in version.split('-')[0].split('.'))