
This Python package contains an SDK to interact with the API of the Zanshin SaaS service from Tenchi Security.
This SDK is used to implement a command-line utility, which is available on GitHub and on PyPI.
There are three ways that the SDK handles credentials. The order of evaluation is:
When calling the Client class, you can pass the API Key, API URL, Proxy URL and User Agent values you want to use, as below:
from zanshinsdk import Client
client = Client(api_key="my_zanshin_api_key")
print(client.get_me())
:warning: These values will overwrite anything you set as Environment Variables or in the Config File.
You can use the following Environment Variables to configure Zanshin SDK:
ZANSHIN_API_KEY: Will set up your Zanshin credentials
ZANSHIN_API_URL: Will define the API URL. Default is https://api.zanshin.tenchisecurity.com
ZANSHIN_USER_AGENT: If you want to overwrite the User Agent when calling Zanshin API
HTTP_PROXY | HTTPS_PROXY: Zanshin SDK uses HTTPX under the hood; check out the Environment Variables section of their documentation for more use cases
export ZANSHIN_API_KEY="eyJhbGciOiJIU..."
:warning: These Environment Variables will overwrite anything you set on the Config File.
The third way is to use a configuration file in the format created by the Python RawConfigParser class.
The file is located at ~/.tenchi/config, where ~ is the current user's home directory.
Each section is treated as a configuration profile, and the SDK will look for a section called default if another is not explicitly selected.
These are the supported options:
api_key (required): contains the Zanshin API key obtained at the Zanshin web portal.
user_agent (optional): allows you to override the default user-agent header used by the SDK when making API requests.
api_url (optional): directs the SDK to use a different API endpoint than the default (https://api.zanshin.tenchisecurity.com).
This is what a minimal configuration file looks like:
[default]
api_key = abcdefghijklmnopqrstuvxyz
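The precedence described above (constructor argument, then environment variable, then config file), as an added example that is not the SDK's own code: a stand-alone resolver that also reports which source supplied a value, so you can tell which credential a process will actually use. The names `resolve`, `readable_by_others` and `demo` are hypothetical, the sample keys are constructed, and the file-permission check is an addition here, not something the page says the SDK performs.

```python
import os
import stat
import tempfile
from configparser import RawConfigParser

DEFAULT_API_URL = "https://api.zanshin.tenchisecurity.com"

def resolve(option, explicit=None, environ=None,
            config_path="~/.tenchi/config", profile="default"):
    """Return (value, source): argument first, then environment, then config file."""
    environ = os.environ if environ is None else environ
    if explicit:
        return explicit, "argument"
    env_name = "ZANSHIN_" + option.upper()  # e.g. ZANSHIN_API_KEY
    if environ.get(env_name):
        return environ[env_name], "environment"
    parser = RawConfigParser()
    parser.read(os.path.expanduser(config_path))  # a missing file is skipped silently
    if parser.has_option(profile, option):
        return parser.get(profile, option), "config:" + profile
    if option == "api_url":
        return DEFAULT_API_URL, "default"
    raise ValueError(f"no {option} found for profile {profile!r}")

def readable_by_others(config_path):
    """True if group or other users can read the file that stores the API key."""
    mode = os.stat(os.path.expanduser(config_path)).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

def demo():
    """Run the resolver against a constructed config file and environment."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config")
        with open(path, "w") as fh:
            fh.write("[default]\napi_key = key-from-file\n")  # constructed sample
        os.chmod(path, 0o644)
        exposed = readable_by_others(path)
        os.chmod(path, 0o600)
        env = {"ZANSHIN_API_KEY": "key-from-env"}  # constructed sample
        return {
            "argument": resolve("api_key", "key-from-arg", env, path),
            "environment": resolve("api_key", None, env, path),
            "file": resolve("api_key", None, {}, path),
            "api_url": resolve("api_url", None, {}, path),
            "exposed_0644": exposed,
            "exposed_0600": readable_by_others(path),
        }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The source label never contains the key itself, so it is safe to log when diagnosing which credential a job picked up.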
The SDK uses Python 3 type hints extensively. It attempts to abstract API artifacts such as pagination by using Python generators, thus making the service easier to interact with.
The network connections are done using the wonderful httpx library.
Currently it focuses on returning the parsed JSON values instead of converting them into native classes for higher level abstractions.
The zanshinsdk.Client class is the main entry point of the SDK. Here is a quick example that shows information about the owner of the API key in use:
from zanshinsdk import Client
from json import dumps
client = Client() # loads API key from the "default" profile in ~/.tenchi/config
me = client.get_me() # calls /me API endpoint
print(dumps(me, indent=4))
For more examples, check out the docs.
All operations call raise_for_status on the httpx Response object internally, so any 4xx or 5xx response will raise an exception.
To install the SDK, you can use pip. You have two options to install ZanshinSDK:
Using pip install zanshinsdk will install the SDK with all features except the ability to perform onboarding of new Scan Targets. For this, you'll need to install boto3.
With pip install zanshinsdk[with_boto3] you'll automatically install boto3 along with ZanshinSDK. This will enable you to perform onboarding of new Scan Targets via the SDK.
To run all tests, call make test on the project root directory. Make sure there's a [default] profile configured, else some tests will fail.
Also, be sure to install boto3 and moto[all] or some integration tests will fail.
If you are a Zanshin customer and have any questions regarding the use of the service, its API or this SDK package, please get in touch via e-mail at support {at} tenchisecurity {dot} com or via the support widget on the Zanshin Portal.
FAQs
Python SDK to access the Tenchi Security Zanshin API v1
We found that zanshin-sdk-python demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.