BLACKSHIELD

Public Guide

Get Started with the Python SDK

Automate findings triage, query threat intelligence, and ingest findings programmatically using the official BlackShield Python SDK. Audience: Security engineers, software developers, and automation teams. Typical setup time: 3 minutes.

quickstart

Use this if

Automate findings triage, query threat intelligence, and ingest findings programmatically using the official BlackShield Python SDK.

Audience
Security engineers, software developers, and automation teams
Typical time
3 minutes

Before You Begin

  • Create a tenant-scoped API Key in Settings → API Keys with appropriate scopes.
  • Ensure Python >= 3.10 is installed in your environment (Python 3.10, 3.11, 3.12, and 3.13 are supported).
  • Confirm that pip resolves client dependencies automatically, including `httpx` (>=0.27, <1) and `pydantic` (>=2.0, <3).
  • Ensure outbound HTTPS access to the platform API endpoint is allowed by your network.

Fast path

Copy a working starter, run it in your environment, then come back here for the deeper rollout details.

Demonstration only

This configuration is designed for ease of use. To deploy scanner clients at scale, please plan your deployment architecture accordingly or contact us for enterprise best practices.

Run This

installation.sh

bash
# 1. (Optional) Create and activate a Python virtual environment
python3 -m venv .venv
source .venv/bin/activate

# 2. Install the official BlackShield SDK from PyPI
# This will automatically resolve dependencies like httpx and pydantic
pip install blackshield-sdk

# 3. Verify the installation
python -c "import blackshield; print('SDK Version:', blackshield.__version__)"

quickstart_sync.py

python
import os
from blackshield import BlackShield

# 1. Initialize client
# The SDK automatically uses BLACKSHIELD_API_KEY and BLACKSHIELD_API_URL env vars
# if not passed explicitly.
client = BlackShield(
    api_key=os.environ.get("BLACKSHIELD_API_KEY", "sp_your_api_key"),
    base_url=os.environ.get("BLACKSHIELD_API_URL", "https://api.blackshield.chaplau.com")
)

# 2. Retrieve findings
try:
    page = client.findings.list(page_size=20)
    print(f"Retrieved {len(page.items)} findings.")
    for f in page.items:
        print(f"[{f.severity.upper()}] {f.title} - Status: {f.status}")
except Exception as e:
    print(f"Error querying findings: {e}")

ingest_async.py

python
import asyncio
import os
from datetime import datetime, timezone
from blackshield import AsyncBlackShield

async def main():
    # 1. Initialize asynchronous client
    client = AsyncBlackShield(
        api_key=os.environ.get("BLACKSHIELD_API_KEY", "sp_your_api_key"),
        base_url=os.environ.get("BLACKSHIELD_API_URL", "https://api.blackshield.chaplau.com")
    )

    # 2. Construct mock finding payload
    new_finding = {
        "finding_type": "vulnerability",
        "title": "Outdated Frontend Library dependency",
        "description": "React-DOM package has known cross-site scripting vulnerabilities.",
        "severity": "high",
        "affected_resource": {
            "resource_type": "repository",
            "resource_id": "github:blackshield-security/frontend",
            "resource_name": "frontend"
        },
        "source": {
            "scanner": "manual-sdk-script",
            "scanner_version": "1.0.0",
            "scan_started_at": datetime.now(timezone.utc).isoformat()
        },
        "dedup_key": "github:frontend:vuln:react-dom"
    }

    # 3. Submit finding
    try:
        async with client:
            job = await client.ingestion.ingest_findings(findings=[new_finding])
            print(f"Ingestion job accepted: {job.job_id} (Status: {job.status})")
    except Exception as e:
        print(f"Failed to ingest finding: {e}")

if __name__ == "__main__":
    asyncio.run(main())

Understand and customize

Use the guided steps below when you want to tailor the rollout, validate ownership, or expand the deployment safely.

Step 1

Create an API Key

Generate a tenant-scoped API key in Settings → API Keys to authorize your SDK client.

  • Open Settings → API Keys → New Key.
  • Select the required scopes (e.g., Ingestion, Read, or Admin depending on your needs).
  • Copy the key and save it securely — you cannot view it again.

What success looks like

A tenant-scoped API key is created and ready for use.

Open API Keys · Sign-in required

Step 2

Install the SDK

Install the official `blackshield-sdk` package from PyPI. The SDK requires Python >= 3.10 and depends on `httpx` (>=0.27, <1) and `pydantic` (>=2.0, <3), which are automatically installed.

  • Verify your Python version is 3.10 or higher (`python3 --version`).
  • Set up a virtual environment (recommended) to avoid dependency conflicts.
  • Run `pip install blackshield-sdk` to fetch and install the package from PyPI.

What success looks like

The blackshield-sdk package and its dependencies are installed locally in your environment.

View PyPI Package

Step 3

Write your first script

Initialize the BlackShield client and fetch active findings or submit new ones.

  • Import `blackshield` or `AsyncBlackShield` in your Python script.
  • Provide your API key and target API URL to the client constructor.
  • Query findings with `client.findings.list()` to confirm connectivity.

What success looks like

The SDK client successfully retrieves active findings from the platform API.

View Findings · Sign-in required

What success looks like

  • The client successfully authenticates and establishes a connection with the platform.
  • Findings are retrieved from the API without raising authentication or validation errors.
  • Custom findings are successfully posted to the ingestion endpoint and visible in the platform dashboard.
Get Started with the Python SDK | BlackShield Docs