Metadata-Version: 2.4
Name: assetquery
Version: 0.1.2
Summary: Asset query utility — find where software is deployed across GitHub, AWS, GCP, Azure, CrowdStrike, etc. using CPE, PURL, or vendor/product/version.
Project-URL: Homepage, https://github.com/malloryai/assetquery
Project-URL: Repository, https://github.com/malloryai/assetquery
Project-URL: Issues, https://github.com/malloryai/assetquery/issues
Project-URL: Documentation, https://github.com/malloryai/assetquery#readme
Author-email: Mallory AI <support@mallory.ai>
License-Expression: Apache-2.0
License-File: LICENSE
Keywords: asset-management,aws,azure,cpe,crowdstrike,gcp,github,purl,sbom,security,vulnerability
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: System :: Systems Administration
Classifier: Typing :: Typed
Requires-Python: >=3.11
Requires-Dist: click>=8.0
Requires-Dist: httpx
Requires-Dist: packageurl-python
Requires-Dist: pydantic>=2.0
Requires-Dist: pyyaml
Requires-Dist: rich
Provides-Extra: all
Requires-Dist: azure-identity; extra == 'all'
Requires-Dist: azure-mgmt-resourcegraph; extra == 'all'
Requires-Dist: boto3; extra == 'all'
Requires-Dist: crowdstrike-falconpy; extra == 'all'
Requires-Dist: google-cloud-asset; extra == 'all'
Requires-Dist: google-cloud-securitycenter; extra == 'all'
Requires-Dist: pygithub; extra == 'all'
Provides-Extra: aws
Requires-Dist: boto3; extra == 'aws'
Provides-Extra: azure
Requires-Dist: azure-identity; extra == 'azure'
Requires-Dist: azure-mgmt-resourcegraph; extra == 'azure'
Provides-Extra: crowdstrike
Requires-Dist: crowdstrike-falconpy; extra == 'crowdstrike'
Provides-Extra: dev
Requires-Dist: ruff; extra == 'dev'
Provides-Extra: gcp
Requires-Dist: google-cloud-asset; extra == 'gcp'
Requires-Dist: google-cloud-securitycenter; extra == 'gcp'
Provides-Extra: github
Requires-Dist: pygithub; extra == 'github'
Provides-Extra: test
Requires-Dist: pytest; extra == 'test'
Requires-Dist: pytest-asyncio; extra == 'test'
Description-Content-Type: text/markdown

# assetquery – Asset Query Utility

Find where software is deployed across GitHub, AWS, GCP, Azure, and CrowdStrike using a common query language (CPE, PURL, or vendor/product/version).

## Install

```bash
# Core package (no cloud provider SDKs)
pip install assetquery

# With specific provider extras
pip install "assetquery[aws,github]"

# All providers
pip install "assetquery[all]"

# Or install as a CLI tool with uv / pipx
uv tool install "assetquery[all]"
pipx install "assetquery[all]"
```

## Quick start

```bash
# 1. Copy the example config (create the config directory first)
mkdir -p ~/.mallory/assetquery
cp config.example.yaml ~/.mallory/assetquery/config.yaml

# 2. Enable the providers you need and add credentials (see Providers below)

# 3. Check provider health
assetquery providers

# 4. List all assets
assetquery list

# 5. Find where a library is deployed
assetquery find "pkg:pypi/requests@2.28.0"
```

## Usage

### Listing assets

```bash
# List everything from all enabled providers
assetquery list

# List from a specific provider
assetquery list --provider aws_resource_explorer

# List from multiple providers
assetquery list --provider aws_inspector,aws_security_hub

# Output as JSON
assetquery list --output json

# Verbose mode (debug output to stderr)
assetquery list -v
```

### Finding specific software

```bash
# Find by CPE
assetquery find "cpe:2.3:a:apache:log4j:2.14.0:*:*:*:*:*:*:*"

# Find by PURL
assetquery find "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.0"

# Find by vendor/product/version
assetquery find --vendor apache --product log4j --version 2.14.0

# Query specific providers only
assetquery find --provider github_dependabot,aws_inspector "pkg:pypi/requests@2.28.0"

# Batch from file (one CPE or PURL per line)
assetquery find --file targets.txt --output csv
```
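
A pre-flight check for a batch file such as `targets.txt`, so that a malformed line is caught before it silently matches nothing. This is an added example, not assetquery's own parser: `parse_target` and `check_targets` are hypothetical names, it uses only the standard library, and mapping the PURL namespace to `vendor` is an assumption made for illustration.

```python
import re
from urllib.parse import unquote

_CPE_SEP = re.compile(r"(?<!\\):")  # ':' not preceded by a backslash escape

def parse_target(line):
    """Parse one CPE 2.3 string or PURL; raise ValueError if malformed."""
    s = line.strip()
    if s.startswith("cpe:2.3:"):
        parts = _CPE_SEP.split(s)
        if len(parts) != 13:  # "cpe", "2.3" and 11 attributes
            raise ValueError(f"expected 13 CPE components, got {len(parts)}")
        part, vendor, product, version = parts[2:6]
        if part not in ("a", "o", "h", "*", "-"):
            raise ValueError(f"invalid CPE part {part!r}")
        return {"kind": "cpe", "vendor": vendor, "product": product,
                "version": None if version in ("*", "-") else version}  # ANY / NA
    if s.startswith("pkg:"):
        body = s[4:].split("#", 1)[0].split("?", 1)[0].strip("/")  # drop subpath, qualifiers
        path, sep, version = body.rpartition("@")
        if not sep or "/" in version:  # no version, or an unencoded '@' in a scope
            path, version = body, None
        segs = [unquote(x) for x in path.split("/") if x]
        if len(segs) < 2:
            raise ValueError("PURL needs a type and a name")
        return {"kind": "purl", "type": segs[0].lower(),
                "vendor": "/".join(segs[1:-1]) or None,  # PURL namespace (assumed mapping)
                "product": segs[-1], "version": unquote(version) if version else None}
    raise ValueError("not a CPE 2.3 string or a PURL")

def check_targets(text):
    """Return (parsed, errors); errors hold (line_number, line, reason)."""
    parsed, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            parsed.append(parse_target(line))
        except ValueError as exc:
            errors.append((n, line.strip(), str(exc)))
    return parsed, errors

# Constructed sample input: three queries from this README plus two bad lines.
SAMPLE = """cpe:2.3:a:apache:log4j:2.14.0:*:*:*:*:*:*:*
pkg:maven/org.apache.logging.log4j/log4j-core@2.14.0
pkg:pypi/requests@2.28.0
cpe:2.3:a:apache:log4j:2.14.0
log4j 2.14.0
"""
```

Run `check_targets` over the file contents and stop if the error list is non-empty; a truncated CPE like line 4 of the sample is otherwise easy to miss in a long target list.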

### Listing a single repo's SBOM

```bash
assetquery list --provider github_dep_graph --repo malloryai/web
```

### Checking provider health

```bash
assetquery providers
```

### Output formats

All commands support `--output` (`-o`): `table` (default), `json`, `jsonl`, `csv`.

## Providers

assetquery supports 11 providers across 5 platforms. Each provider has its own authentication and configuration — see the linked docs for details.

### GitHub

| Provider            | What it queries                 | Docs                                                                       |
| ------------------- | ------------------------------- | -------------------------------------------------------------------------- |
| `github_dependabot` | Dependabot vulnerability alerts | [docs/providers/github_dependabot.md](docs/providers/github_dependabot.md) |
| `github_dep_graph`  | Dependency graph SBOMs          | [docs/providers/github_dep_graph.md](docs/providers/github_dep_graph.md)   |

**Auth:** `GITHUB_TOKEN` or `gh auth login`

### AWS

| Provider                | What it queries                   | Docs                                                                               |
| ----------------------- | --------------------------------- | ---------------------------------------------------------------------------------- |
| `aws_inspector`         | Inspector vulnerability findings  | [docs/providers/aws_inspector.md](docs/providers/aws_inspector.md)                 |
| `aws_security_hub`      | Security Hub aggregated findings  | [docs/providers/aws_security_hub.md](docs/providers/aws_security_hub.md)           |
| `aws_resource_explorer` | Resource inventory (all services) | [docs/providers/aws_resource_explorer.md](docs/providers/aws_resource_explorer.md) |

**Auth:** AWS SDK credential chain (`AWS_PROFILE`, `~/.aws/credentials`, env vars, IAM role)

### GCP

| Provider  | What it queries                   | Docs                                                   |
| --------- | --------------------------------- | ------------------------------------------------------ |
| `gcp_scc` | Security Command Center findings  | [docs/providers/gcp_scc.md](docs/providers/gcp_scc.md) |
| `gcp_cai` | Cloud Asset Inventory (resources) | [docs/providers/gcp_cai.md](docs/providers/gcp_cai.md) |

**Auth:** Application Default Credentials (`gcloud auth application-default login`, `GOOGLE_APPLICATION_CREDENTIALS`)

### Azure

| Provider               | What it queries                     | Docs                                                                             |
| ---------------------- | ----------------------------------- | -------------------------------------------------------------------------------- |
| `azure_resource_graph` | Resource Graph (resource inventory) | [docs/providers/azure_resource_graph.md](docs/providers/azure_resource_graph.md) |
| `azure_defender`       | Defender for Cloud assessments      | [docs/providers/azure_defender.md](docs/providers/azure_defender.md)             |

**Auth:** Azure SDK credential chain (`az login`, service principal env vars, managed identity)

### CrowdStrike

| Provider                | What it queries                  | Docs                                                                               |
| ----------------------- | -------------------------------- | ---------------------------------------------------------------------------------- |
| `crowdstrike_spotlight` | Falcon Spotlight vulnerabilities | [docs/providers/crowdstrike_spotlight.md](docs/providers/crowdstrike_spotlight.md) |

**Auth:** `CROWDSTRIKE_CLIENT_ID` + `CROWDSTRIKE_CLIENT_SECRET`

### Spektion

| Provider   | What it queries             | Docs                                                     |
| ---------- | --------------------------- | -------------------------------------------------------- |
| `spektion` | Endpoint software inventory | [docs/providers/spektion.md](docs/providers/spektion.md) |

**Auth:** `SPEKTION_API_KEY`

## Configuration

Config file: `~/.mallory/assetquery/config.yaml`

See [`config.example.yaml`](config.example.yaml) for a complete example with all providers.

Providers use ambient credentials where possible — API keys and secrets stay in your environment, not the config file.
