Skip to main content

Official Python client for the ISMS platform (isms.sh)

Project description

isms

Official Python client for the ISMS platform.

ISMS is the open Information Security Management System that keeps policies, controls, risks, suppliers, incidents, and evidence in one place with a scriptable API. This library gives you the same surface as the isms CLI and the Go client, from Python, so you can seed data, automate audits, and build custom dashboards without touching the web UI.

Install

pip install isms-sdk

The distribution is isms-sdk; you import it as isms:

from isms import IsmsClient

Requires Python 3.10 or later.

Configure

Point the client at your ISMS deployment and give it an API token:

export ISMS_API_URL=https://your-org.isms.sh
export ISMS_API_TOKEN=<api-token>
# Only needed for a multi-org token on a bare domain; a subdomain URL
# (https://your-org.isms.sh) already selects the org server-side.
export ISMS_ORGANIZATION_UUID=<org-uuid>

Create the token from an admin session with isms server api-key create (CLI) or from the web UI. If your deployment sits behind Cloudflare Access, also set CF_ACCESS_CLIENT_ID and CF_ACCESS_CLIENT_SECRET.

If you already have an ISMS env file (KEY=VALUE per line, the same format the CLI reads), point ISMS_ENV at it and the client will load it for you:

export ISMS_ENV=/path/to/isms.env

Quickstart

from isms import IsmsClient

client = IsmsClient.from_env()

# Confirm the token
print(client.whoami.get())

# Add a supplier
supplier = client.suppliers.add({
    "name": "MaintMaster",
    "supplier_type": "saas",
    "criticality": "high",
    "data_access": True,
    "notes": "CMMS platform used across terminals.\n\n## Services\nMaintenance planning and work orders.",
})
print(supplier["identifier"], supplier["name"])

# Add a risk that came out of a leadership review
risk = client.risks.add({
    "title": "Environmental and sustainability governance gap",
    "description": "CSRD scope maturing; no environmental policy in the IMS.",
    "risk_type": "threat",
    "origin": "external",
    "category": "grc",
    "current_likelihood": 3,
    "current_impact": 3,
    "treatment": "mitigate",
    "status": "open",
})

# Record the event that surfaced the risk, and link them
event = client.incidents.create(
    {
        "title": "External stakeholder feedback on ESG governance",
        "description": "Financier lunch briefing raised ESG position and CSRD readiness.",
        "severity": "low",
        "source": "external",
        "incident_type": "event",
    },
    references=[{"type": "risk", "id": risk["identifier"]}],
)

# Track the treatment as a corrective action
ca = client.correctives.create({
    "title": "Publish substantive public sustainability page",
    "description": "Dedicated /sustainability page on stsplatform.com.",
    "source": "feedback",
    "severity": "observation",
})

# Explicit reference between the CA and the risk (in case the create-time
# reference flags are not yet available in your ISMS version).
client.references.create(
    source_type="corrective_action",
    source_id=str(ca["id"]),
    target_type="risk",
    target_id=risk["identifier"],
)

Resources

Each entity register is exposed as a namespace on the client:

Namespace Purpose
client.suppliers Supplier register
client.risks Risk register
client.incidents Incidents and events register
client.correctives Corrective actions
client.tasks Task register
client.references Cross-entity references
client.documents Document library
client.whoami Identity of the current API token

All resources expose list() and, where the API supports it, get(id), add(data) / create(data), update(id, data), and delete(id).

Errors

All errors inherit from isms.IsmsError:

  • IsmsAuthError — 401/403
  • IsmsNotFoundError — 404
  • IsmsValidationError — 400/422
  • IsmsHTTPError — other non-2xx responses

Development

git clone https://github.com/unidoc/isms-python
cd isms-python
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
pytest

Licence

Apache 2.0. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

isms_sdk-0.1.0.tar.gz (13.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

isms_sdk-0.1.0-py3-none-any.whl (13.1 kB view details)

Uploaded Python 3

File details

Details for the file isms_sdk-0.1.0.tar.gz.

File metadata

  • Download URL: isms_sdk-0.1.0.tar.gz
  • Upload date:
  • Size: 13.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for isms_sdk-0.1.0.tar.gz
Algorithm Hash digest
SHA256 ba01c829b015931826f4dc78a364786ca63d716c811d4a5ded890ad97fa2fdca
MD5 c7b1faa3502c8c91816c3ef24224155e
BLAKE2b-256 ceb27591229cd770e2d97c430027f59f654cdfd48289ff954764fc970f0b511a

See more details on using hashes here.

Provenance

The following attestation bundles were made for isms_sdk-0.1.0.tar.gz:

Publisher: release.yml on unidoc/isms-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file isms_sdk-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: isms_sdk-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 13.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for isms_sdk-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f2d4db1152b41d7e914b366c2ad36a8c651fa4393753ebae32846675c55e74e7
MD5 7c1e9a6f4af24ceb1636fc7a3cbbe842
BLAKE2b-256 1c913b8047327e2f4a5d84fb1c4546a2b4bf3ea986f0a557ee74167ead63c0c6

See more details on using hashes here.

Provenance

The following attestation bundles were made for isms_sdk-0.1.0-py3-none-any.whl:

Publisher: release.yml on unidoc/isms-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page