Demisto SDK
The Demisto SDK is a Python library designed to aid the development process, both to validate entities being developed and to assist in the interaction between your development setup and Cortex XSOAR or Cortex XSIAM.
Requirements:
- Python 3.9, 3.10 or 3.11.
- git installed.
- A Linux, macOS or WSL2 machine.
Windows machines are not supported. Use WSL2 or run in a container instead.
Usage
Installation
- Install -
pip3 install demisto-sdk
- Upgrade -
pip3 install --upgrade demisto-sdk
Environment Variable Setup
Connect demisto-sdk with Cortex XSOAR server - Some SDK commands need to interact with the Cortex XSOAR or Cortex XSIAM server, for example to upload or download entities to or from XSOAR or XSIAM, or to run commands in the CLI.
To use these functions, set the following environment variables, or place an .env file at the root of the content pack:
For Cortex XSOAR 6.x Only
- Get your API key by going to the Cortex XSOAR server -> Settings -> Integrations -> API Keys -> Get Your Key -> Give your key a name and press Generate Key.
- Copy the given key.
- Add the following parameters to ~/.zshrc and ~/.bash_profile:
export DEMISTO_BASE_URL=<http or https>://<demisto-server url or ip>:<port>
export DEMISTO_API_KEY=<API key>
For Cortex XSIAM or Cortex XSOAR 8.x and above
- The base URL should be retrieved from the XSIAM instance by navigating to Settings -> Configurations -> API Keys -> clicking on the Copy URL button located at the top right corner of the page, and not the browser URL.
- The API key should be set to a Standard security level and must have the Instance Administrator role.
- The XSIAM_AUTH_ID environment variable needs to be set. Get it from the ID column of the created API Key.
- Add the following parameters to ~/.zshrc and ~/.bash_profile:
export DEMISTO_BASE_URL=<BASE_URL>
export DEMISTO_API_KEY=<API_KEY>
export XSIAM_AUTH_ID=<THE_XSIAM_AUTH_ID>
- Please note that once the XSIAM_AUTH_ID environment variable is set, the SDK commands will be configured to work with a Cortex XSIAM / XSOAR 8.x instance.
In order to set Demisto SDK to work with a Cortex XSOAR 6.x instance, you need to delete the XSIAM_AUTH_ID parameter from your environment. To do this, please run the following command:
unset XSIAM_AUTH_ID
- In case the primary git branch is not master, or the upstream is not named origin, set them with environment variables:
export DEMISTO_DEFAULT_BRANCH=<branch name here>
export DEMISTO_DEFAULT_REMOTE=<upstream name here>
For more configurations, check the demisto-py repo (the SDK uses demisto-py to communicate with Cortex XSOAR).
- For the Validate and Format commands to work properly:
  - Install node.js, and make sure @mdx-js/mdx, fs-extra and commander are installed in the node_modules folder (npm install ...).
  - Set the DEMISTO_README_VALIDATION environment variable to True.
  MDX is used to validate markdown files, and make sure they render properly on XSOAR and [xsoar.pan.dev](https://xsoar.pan.dev).
- Reload your terminal.
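Because the API key ends up in a shell profile or in an .env file inside the content pack, it is worth checking the setup before running commands against a server. The following preflight is an added example, not part of the SDK; the function names are hypothetical and only the variable names come from the steps above.

```shell
# Added example: preflight for the connection variables described above.
# Function names are hypothetical; the variable names are the README's.

# Print the server family the SDK will target; non-zero if a variable is unusable.
demisto_env_mode() {
    if [ -z "${DEMISTO_BASE_URL:-}" ]; then
        echo "DEMISTO_BASE_URL is not set" >&2; return 2
    fi
    if [ -z "${DEMISTO_API_KEY:-}" ]; then
        echo "DEMISTO_API_KEY is not set" >&2; return 2
    fi
    case "$DEMISTO_BASE_URL" in
        https://*) ;;
        http://*)  echo "warning: the API key will travel over plain HTTP" >&2 ;;
        *)         echo "DEMISTO_BASE_URL needs an http:// or https:// scheme" >&2
                   return 3 ;;
    esac
    # A set XSIAM_AUTH_ID switches the SDK to Cortex XSIAM / XSOAR 8.x mode.
    if [ -n "${XSIAM_AUTH_ID:-}" ]; then
        echo "xsiam-or-xsoar8"
    else
        echo "xsoar6"
    fi
}

# Check a .env file that holds the key: owner-only mode, and ignored by git
# when it lives inside a work tree. A missing file passes.
demisto_env_file_ok() {
    env_file=$1
    [ -f "$env_file" ] || return 0
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
    case "$mode" in
        600|400) ;;
        *) echo "$env_file has mode $mode, expected 600" >&2; return 1 ;;
    esac
    dir=$(dirname "$env_file")
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        git -C "$dir" check-ignore -q -- "$(basename "$env_file")" || {
            echo "$env_file is not git-ignored" >&2; return 1
        }
    fi
    return 0
}
# Usage: demisto_env_mode && demisto_env_file_ok .env
```

A stale XSIAM_AUTH_ID left in the environment shows up here as the xsiam-or-xsoar8 result when a 6.x server was intended.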
CLI usage
You can use the SDK in the CLI as follows:
demisto-sdk <command> <args>
For more information, run demisto-sdk -h.
For more information on a specific command, execute demisto-sdk <command> -h.
Content path
The demisto-sdk is made to work with Cortex content, structured similarly to the official Cortex content repo.
Demisto-SDK commands work best when called from the content directory or any of its subfolders.
To run Demisto-SDK commands from other folders, you may set the DEMISTO_SDK_CONTENT_PATH environment variable.
We recommend running all demisto-SDK commands from a folder with a git repo, or any of its subfolders. To suppress warnings about running commands outside a content repo folder, set the DEMISTO_SDK_IGNORE_CONTENT_WARNING environment variable.
Version Check
demisto-sdk will check against the GitHub repository releases for a new version every time it runs and will issue a warning if you are not using the latest and greatest. If you wish to skip this check you can set the environment variable: DEMISTO_SDK_SKIP_VERSION_CHECK. For example:
export DEMISTO_SDK_SKIP_VERSION_CHECK=yes
Run using Docker image
You can run the Demisto-SDK using a docker image. For more details go to Demisto-SDK Docker.
Commands
Supported commands:
- init
- Validate
- Pre-Commit
- Secrets
- Prepare-Content
- Split
- Format
- Run
- Run-playbook
- Upload
- Download
- Generate-docs
- Generate-test-playbook
- Generate-outputs
- Update-release-notes
- Zip-packs
- openapi-codegen
- postman-codegen
- generate-integration
- generate-yml-from-python
- generate-unit-tests
- setup-env
Logs
Log files are generated and stored automatically by default in the user's home directory:
Linux / macOS: $HOME/.demisto-sdk/logs
Windows: %USERPROFILE%\.demisto-sdk\logs
The default directory can be overridden using the --log-file-path flag, or the DEMISTO_SDK_LOG_FILE_PATH environment variable.
Customizable command configuration
You can create your own configuration for the demisto-sdk commands by creating a file named .demisto-sdk-conf within the directory from which you run the commands.
This file will enable you to set a default value to the existing command flags that will take effect whenever the command is run.
This can be done by entering the following structure into the file:
[command_name]
flag_name=flag_default_value
Note: Make sure to use the flag's full name and input _ instead of a - if it exists in the flag name (e.g. instead of no-docker-checks use no_docker_checks).
Here are a few examples:
- As a user, I would like to include untracked git files in my validation when running the validate command. In the .demisto-sdk-conf file I'll enter:
[validate]
include_untracked=true
- As a user, I would like to automatically use minor version changes when running the update-release-notes command. In the .demisto-sdk-conf file I'll enter:
[update-release-notes]
update_type=minor
License
MIT - See LICENSE for more information.
How to set up a development environment?
Follow the guide found here to set up your demisto-sdk dev environment.
The development environment is connected to the branch you are currently using in the SDK repository.
Contributions
Contributions are welcome and appreciated.
For information regarding contributing, press here.
Internet Connection
An internet connection is required for the following commands to work properly:
- Format
- Validate
- Update-release-notes
- Pre-commit
Note that the Download command will work only partially without an internet connection: it will fail when using the '-fmt, --run-format' argument.
When working offline (or in an airgapped environment), set the DEMISTO_SDK_OFFLINE_ENV environment variable to true:
export DEMISTO_SDK_OFFLINE_ENV=TRUE
When set, Demisto-SDK features requiring an internet connection will not be run, often saving some time and avoiding errors.
Docker Usage
Docker is required to run certain commands.
The following command requires Docker:
- setup-env
However, some commands can be executed partially without Docker:
- Format - To run without Docker, use the --no-graph flag.
- Generate-docs - To run without Docker, use the --no-graph flag.
- Validate - To skip Docker validation, use the --no-docker-checks flag.
- pre-commit - To run without Docker hooks, use the --no-docker flag.
XSOAR CI/CD
For information regarding XSOAR CI/CD, please see this article
Custom Container Registry
By default, the demisto-sdk will use dockerhub as the container registry to pull the integrations and scripts docker image.
In order to configure a custom container registry, the following environment variables must be set:
- DEMISTO_SDK_CONTAINER_REGISTRY: the URL of the container registry.
- DEMISTO_SDK_CR_USER: the username to use in the container registry.
- DEMISTO_SDK_CR_PASSWORD: the password to use in the container registry.