All notable changes to InsightVM-Python will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- ✨ Testing infrastructure with pytest, Codacy integration, and Docker utilities (PR #93)
- ✨ GitHub Copilot instructions with Context7 MCP integration (PR #98)
- ✨ Enhanced GitHub workflows: contributor welcome, CRDA static analysis, Codacy security scan (PR #99)
- ✨ Improved Pylint workflow configuration (PR #91)
- 🔧 Repository cleanup: removed all pycache files, properly configured .gitignore (PR #98, #101)
- 🔧 Fixed all GitHub Actions workflow failures (PR #96)
- 🔧 Improved security scanning with Bandit/CodeQL Action v3 (PR #93)
- 🔧 Replaced Codacy GitHub Action with official bash script for better security (PR #93)
- 🐛 BREAKING: Scan Engines API method conflicts (PR #95)
  - Renamed methods to avoid BaseAPI conflicts: `get()` → `get_engine()`, `update()` → `update_engine()`, `delete()` → `delete_engine()`
  - Added explicit type hints for sort parameters
  - Fixed status filter in `get_available_engines()` to only include 'active'
  - Updated all documentation (SCAN_ENGINES_API.md, MIGRATION.md, README.md)
  - See MIGRATION.md for upgrade instructions
- 🔥 BREAKING: Removed Palo Alto Cortex XDR integration from main codebase (PR #101)
  - Moved to dedicated development branch for independent development
  - Main repository now focuses exclusively on Rapid7 InsightVM functionality
  - Palo Alto XDR code available in git history (commit 559a63e and earlier)
This is a major breaking release with significant improvements to the codebase. v2.0 is not backward compatible with v1.0. See MIGRATION.md for upgrade instructions.
- ✨ Modern authentication using `requests.auth.HTTPBasicAuth` (industry standard)
- ✨ `InsightVMAuth` class for unified authentication
- ✨ `PlatformAuth` class for Rapid7 Platform API
- ✨ Environment variable support with `python-dotenv`
- ✨ SSL verification configuration via `INSIGHTVM_VERIFY_SSL` environment variable
- ✨ Automatic credential validation on initialization
- ✨ `InsightVMClient` - Unified client with sub-clients pattern
- ✨ `BaseAPI` - Foundation class for all API modules (inheritance pattern)
- ✨ Context manager support for automatic cleanup
- ✨ Factory function `create_client()` for convenience
- ✨ Consistent error handling across all modules
- ✨ Configurable timeouts (connection and read)
- ✨ `AssetAPI` class with comprehensive operations:
  - `list()` - List assets with pagination
  - `get_asset()` - Get individual asset details
  - `search()` - Advanced search with criteria
  - `get_all()` - Auto-pagination for bulk retrieval
  - `get_vulnerabilities()` - Asset vulnerability data
  - `get_software()` - Software inventory
  - `get_services()` - Service information
  - `get_tags()` / `add_tag()` / `remove_tag()` - Tag management
- ✨ `AssetGroupAPI` class with full CRUD:
  - `list()` - List all asset groups
  - `get_group()` - Get group details
  - `create()` - Create new asset group
  - `create_high_risk()` - Convenience method for high-risk groups
  - `update()` - Update group properties
  - `delete_group()` - Delete asset group
  - `get_assets()` - Get group members
  - `add_asset()` / `remove_asset()` - Manage members
  - `get_tags()` / `add_tag()` / `remove_tag()` - Tag operations
  - `search()` - Search asset groups
- ✨ Comprehensive README with quick start guide
- ✨ Migration guide (MIGRATION.md) for v1.0 users
- ✨ Complete API reference (docs/API_REFERENCE.md)
- ✨ Practical usage examples (docs/EXAMPLES.md)
- ✨ Contributing guidelines (CONTRIBUTING.md)
- ✨ Environment configuration template (.env.example)
- ✨ Memory bank for project knowledge preservation
- ✨ Complete type hints throughout codebase
- ✨ Google-style docstrings for all public methods
- ✨ Clear import paths (`from rapid7 import InsightVMClient`)
- ✨ Standardized environment variable naming (`INSIGHTVM_*` prefix)
- ✨ requirements.txt for dependency management
- 🔥 BREAKING: Replaced manual Base64 encoding with HTTPBasicAuth
  - Old: 8+ lines of manual encoding
  - New: Single `HTTPBasicAuth` object
- 🔥 BREAKING: New unified client interface
  - Old: Direct API calls with manual auth injection
  - New: `client.assets.list()` pattern with sub-clients
- 🔥 BREAKING: Import path changes
  - Old: `from src.rapid7.api_r7_isvm import ...`
  - New: `from rapid7 import InsightVMClient`
- 🔥 BREAKING: Environment variable format
  - Old: `ivm_host`, `ivm_port` (separate variables)
  - New: `INSIGHTVM_BASE_URL` (combined URL with protocol)
  - Old: Custom names like `ivm_username`
  - New: Standardized `INSIGHTVM_API_USERNAME`
- 🔥 BREAKING: Sites API Standardization
  - Refactored Sites API to follow standardized BaseAPI pattern
  - Removed custom helper methods from SiteAPI class:
    - `get_all_sites()`, `filter_by_name_pattern()`, `filter_empty_sites()`
    - `filter_by_ids()`, `mass_delete()`, `delete_by_pattern()`, `get_asset_count()`
  - Renamed methods to avoid BaseAPI conflicts:
    - `get()` → `get_site()`
    - `delete()` → `delete_site()`
  - Added standard CRUD operations matching scan_engines and scan_templates patterns:
    - `list()`, `get_site()`, `create()`, `update()`, `delete_site()`
  - Added new resource access methods:
    - `get_assets()`, `get_scan_engine()`, `get_scan_template()`
    - `set_scan_engine()`, `set_scan_template()`
    - `get_scans()`, `start_scan()`
    - `get_included_targets()`, `set_included_targets()`
    - `get_excluded_targets()`, `set_excluded_targets()`
  - Created `src/rapid7/tools/site_management.py`:
    - New `SiteManagementTools` utility class
    - Preserves all custom helper functionality removed from core API
    - Methods: `get_all_sites()`, `filter_by_name_pattern()`, `filter_empty_sites()`, `filter_by_ids()`, `mass_delete()`, `delete_by_pattern()`, `get_asset_count()`
  - Migration: See `docs/SITE_MANAGEMENT.md` for complete migration guide
  - Commit: f5980df
- ⚡ Simplified authentication (1 line vs 8+ lines)
- ⚡ Consistent API patterns across all modules
- ⚡ Better error handling with specific exception types
- ⚡ Type safety with comprehensive type hints
- ⚡ Cleaner code structure with package organization
- ⚡ Enterprise SSL certificate support (self-signed)
- ❌ `src/rapid7/api_r7_auth.py` → Replaced by `auth.py`
- ❌ `src/rapid7/api_r7_auth_class.py` → Replaced by `auth.py`
- ❌ `src/rapid7/api_r7_api.py` → Replaced by `api/base.py`
- ❌ `src/rapid7/api_r7_asset_group.py` → Replaced by `api/asset_groups.py`
- ❌ `src/rapid7/api_r7_assets.py` → Functionality in `api/assets.py`
- ❌ `src/rapid7/api_r7_isvm.py` → Functionality in `api/assets.py`
- ❌ `src/rapid7/api_r7_isvm_get_assets.py` → Functionality in `api/assets.py`
- ❌ `src/client.py` → Replaced by `src/rapid7/client.py`
- 🐛 SSL certificate verification now configurable for self-signed certificates
- 🐛 Timeout handling consistent across all HTTP methods
- 🐛 Import conflicts resolved with clean package structure
- 🐛 Credential validation prevents runtime errors
- ✅ Verified against live InsightVM instance
- ✅ Successfully retrieved 1182+ assets
- ✅ Authentication with HTTPBasicAuth confirmed working
- ✅ Self-signed certificate handling tested
- ✅ Asset group creation and management validated
For users upgrading from v1.0, please review MIGRATION.md for:
- Step-by-step migration instructions
- Code comparison examples
- Environment variable updates
- Import statement changes
- Common migration patterns
Estimated migration time: 30-60 minutes for typical usage
- Basic InsightVM API integration
- Functional authentication approach
- Asset retrieval capabilities
- Asset group creation
- Database storage support (PostgreSQL)
- Agent installation tools
- Manual Base64 authentication
- Manual authentication implementation (8+ lines)
- Scattered authentication code across multiple files
- No SSL verification configuration
- Inconsistent timeout handling
- Import conflicts with circular dependencies
We use Semantic Versioning:
- MAJOR version (X.0.0) - Incompatible API changes
- MINOR version (0.X.0) - New functionality (backward compatible)
- PATCH version (0.0.X) - Bug fixes (backward compatible)
- 🎉 Major Release - Breaking changes, new architecture
- ✨ Minor Release - New features, backward compatible
- 🐛 Patch Release - Bug fixes only
Changes are categorized as:
- Added - New features
- Changed - Changes to existing functionality
- Deprecated - Soon-to-be removed features
- Removed - Removed features
- Fixed - Bug fixes
- Security - Security improvements
Note: Pre-v1.0 development history not included in this changelog.