DevSecOps

Details
Content
Dependencies
Version History

DevSecOps CI/CD Orchestration Integration Pack.

DevSecOps content pack contains multiple integrations and playbooks to help shifting security as left as the planning stage of a continues integration pipeline and make DevSecOps orchestration to be within reach.

While CI/CD orchestration tools such as Jenkins, CircleCI and others were primarily built by and to developers, SOAR is better positioned to bridge this orchestration gap between DevOps and SecOps for the following reasons:

CI/CD orchestration pipelines are arguably easy to read and troubleshoot by developers , SOAR provides the same orchestration workflow in two different formats that are readable by both Developers and Security Analysts.
SOAR provides way more to a DevSecOps Eco-System than CI/CD Orchestrator does:
- Collaboration between teams members in the Eco-System.
- Cases management.
- Central reporting and long list of out of box integrations with security tools.

With SOAR integrations, playbooks, fields, XSOAR can be turned into a DevSecOps Orchestrator that taps in a DevSecOps Eco-System and solve for a spectrum of use cases in different stages of CI/CD piplines.

From threat-modeling in the Planning stage to IaC security in Dev, static code analysis in Build, post deployment scans in Deploy and Monitoring/Responding to incidents once the code is running in production.

This content pack will be updated with more integrations with different software factory tools:

IDE's
Code Repo Providers
CI/CD Orchestrators
Code Compilers/Builders/Packagers
Workload Orchestration Platforms
Configuration Automation Tools
Threat Modelers
SAST/DAST/IAST Tools
Vulnerability Scanners
Networks Security Tools
Asset Management Tools
Log Management Tools
Ticketing Systems

This version of the pack has four integrations :

LGTM, a SAST cloud service built on CodeQL
GitLab, a source code management platform
Docker Engine, an open source containerization platform
MinIO, a high-performance object storage suite

A new incident type along with new fields:

DevSecOps New Git PR

A new playbook:

A PR triage Playbook that parse and record the PR details once fetched by the Github integration.

CI/CD orchestration pipelines are arguably easy to read and troubleshoot by developers , SOAR provides the same orchestration workflow in two different formats that are readable by both Developers and Security Analysts.
SOAR provides way more to a DevSecOps Eco-System than CI/CD Orchestrator does:
- Collaboration between teams members in the Eco-System.
- Cases management.
- Central reporting and long list of out of box integrations with security tools.

This content pack will be updated with more integrations with different software factory tools:

IDE's
Code Repo Providers
CI/CD Orchestrators
Code Compilers/Builders/Packagers
Workload Orchestration Platforms
Configuration Automation Tools
Threat Modelers
SAST/DAST/IAST Tools
Vulnerability Scanners
Networks Security Tools
Asset Management Tools
Log Management Tools
Ticketing Systems

This version of the pack has four integrations :

LGTM, a SAST cloud service built on CodeQL
GitLab, a source code management platform
Docker Engine, an open source containerization platform
MinIO, a high-performance object storage suite

A new incident type along with new fields:

DevSecOps New Git PR

A new playbook:

A PR triage Playbook that parse and record the PR details once fetched by the Github integration.

Classifiers

Name	Description
Github Classifier	Github Classifier
GitHub Mapper

Incident Fields

Name	Description
DevSecOps LGTM Analysis ID
DevSecOps PR Assignees
DevSecOps Git Issue Details
DevSecOps Before Commit ID
DevSecOps Git Pusher Name
DevSecOps PR Head Commit
DevSecOps LGTM Project Status
DevSecOps Project ID
DevSecOps IaC Vulnerability Severity
DevSecOps LGTM Project Config
DevSecOps PR Closed At
DevSecOps Head Commit URL
DevSecOps Commit Committer
DevSecOps PR Created At
DevSecOps Repository URL
DevSecOps CodeQL Alerts
DevSecOps App Task Action
DevSecOps IaC Vulnerability Description
DevSecOps PR Mergeable State
DevSecOps PR Commits
DevSecOps LGTM Project Grade
DevSecOps PR Number
DevSecOps IaC Vulnerability
DevSecOps PR Updated At
DevSecOps PR Pushed At
DevSecOps PR Title
DevSecOps App Task PR ID
DevSecOps App Task Started At
DevSecOps PR ID
DevSecOps Head Commit Message
DevSecOps App Task App Name
DevSecOps PR Base Label
DevSecOps PR Watchers
DevSecOps LGTM Project Name
DevSecOps Head Commit Commiter
DevSecOps App Task PR Number
DevSecOps PR Installation ID
DevSecOps PR Body
DevSecOps App Task Output Title
DevSecOps Language
DevSecOps App Task Status
DevSecOps LGTM Analysis Project ID
DevSecOps Commit Modified Files
DevSecOps App Task Output Summary
DevSecOps App Task Head Commit
DevSecOps Repository Name
DevSecOps Head Commit Tree ID
DevSecOps PR Comments
DevSecOps Head Commit Author
DevSecOps Head Commit ID
DevSecOps PR Changed Files
DevSecOps LGTM Analysis Status
DevSecOps PR Deletions
DevSecOps LGTM Project URL
DevSecOps Repository ID
DevSecOps App Task Completed At
DevSecOps App Task App ID
DevSecOps PR Head ID
DevSecOps PR Size
DevSecOps PR Action
DevSecOps Commit Author
DevSecOps LGTM Project Language
DevSecOps App Task Id
DevSecOps Developer Email
DevSecOps App Task Name
DevSecOps Commit TimeStamp
DevSecOps Commit ID
DevSecOps Commit URL
DevSecOps IaC Vulnerable Files
DevSecOps Commit Message
DevSecOps PR Assignee
DevSecOps PR State
DevSecOps App Task Conclusion
DevSecOps Analysis ID
DevSecOps PR Base Size
DevSecOps Git Issue Number
DevSecOps App Task Owner Login
DevSecOps PR Head Open Issues
DevSecOps PR Branch
DevSecOps Organization Name
DevSecOps Head Commit TimeStamp
DevSecOps LGTM Analysis Logs URL
DevSecOps Developer Name
DevSecOps Commit Tree ID
DevSecOps After Commit ID
DevSecOps Repository Organization
DevSecOps LGTM Project ID
DevSecOps LGTM Analysis Results URL
DevSecOps PR Additions

Incident Types

Name	Description
DevSecOps New Git PR

Indicator Fields

Name	Description
DevSecOps SAST Precision
DevSecOps SAST Category
DevSecOps Message
DevSecOps Commit ID
DevSecOps SAST Severity
DevSecOps Rule ID

Integrations

Name	Description
LGTM (Community Contribution)	An Integration with LGTM API
GitLab (Deprecated) (Community Contribution)	Deprecated. Use GitLab v2 in GitLab Pack instead.
Docker Engine API (Community Contribution)	The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
MinIO (Community Contribution)	An Integration with MinIO Object Storage.

Layouts

Name	Description
New Git PR

Playbooks

Name	Description
DevSecOps - Fetch PR - Triage V2	A PR Triage Playbook
DevSecOps - LGTM - Analysis - SubPB	A CodeQL Code Analysis Playbook
DevSecOps - LGTM - Analysis - SubPB v2	A CodeQL Code Analysis Playbook
DevSecOps - Prisma - Analysis -SubPB	Prisma Task Analysis Playbook
DevSecOps - Fetch PR - Triage	A CodeQL Code Analysis Playbook

Indicator Types

Name	Description
DevSecOps SAST Alert
DevSecOps IaC Scan Alert
DevSecOps Git Commit

Classifiers

Name	Description
Github Classifier	Github Classifier
GitHub Mapper

Incident Fields

Name	Description
DevSecOps PR Title
DevSecOps Developer Name
DevSecOps PR Action
DevSecOps App Task Owner Login
DevSecOps PR Commits
DevSecOps Git Issue Number
DevSecOps Head Commit URL
DevSecOps Commit Message
DevSecOps LGTM Analysis Project ID
DevSecOps PR Base Size
DevSecOps Repository URL
DevSecOps PR Closed At
DevSecOps PR Assignees
DevSecOps PR Base Label
DevSecOps Head Commit Message
DevSecOps Head Commit ID
DevSecOps PR Assignee
DevSecOps Commit TimeStamp
DevSecOps LGTM Analysis Logs URL
DevSecOps App Task Completed At
DevSecOps CodeQL Alerts
DevSecOps After Commit ID
DevSecOps Language
DevSecOps LGTM Analysis Status
DevSecOps PR Head Commit
DevSecOps PR Pushed At
DevSecOps Analysis ID
DevSecOps PR Additions
DevSecOps PR Deletions
DevSecOps Project ID
DevSecOps Git Issue Details
DevSecOps PR State
DevSecOps Commit Modified Files
DevSecOps PR Watchers
DevSecOps LGTM Project URL
DevSecOps Head Commit Tree ID
DevSecOps App Task Id
DevSecOps App Task Status
DevSecOps PR Body
DevSecOps Organization Name
DevSecOps LGTM Project Grade
DevSecOps Git Pusher Name
DevSecOps LGTM Analysis Results URL
DevSecOps App Task Action
DevSecOps PR Number
DevSecOps PR Updated At
DevSecOps PR Size
DevSecOps PR Comments
DevSecOps PR Head Open Issues
DevSecOps LGTM Analysis ID
DevSecOps Repository ID
DevSecOps Repository Name
DevSecOps Commit Author
DevSecOps PR Mergeable State
DevSecOps PR Installation ID
DevSecOps PR Changed Files
DevSecOps Commit URL
DevSecOps Commit Tree ID
DevSecOps PR Head ID
DevSecOps App Task App ID
DevSecOps Head Commit Commiter
DevSecOps App Task Head Commit
DevSecOps App Task PR Number
DevSecOps LGTM Project ID
DevSecOps LGTM Project Language
DevSecOps Repository Organization
DevSecOps PR ID
DevSecOps Commit ID
DevSecOps LGTM Project Status
DevSecOps PR Branch
DevSecOps App Task App Name
DevSecOps Head Commit TimeStamp
DevSecOps App Task Output Summary
DevSecOps LGTM Project Name
DevSecOps Commit Committer
DevSecOps App Task Conclusion
DevSecOps IaC Vulnerability Description
DevSecOps PR Created At
DevSecOps App Task Name
DevSecOps Head Commit Author
DevSecOps IaC Vulnerable Files
DevSecOps App Task Output Title
DevSecOps IaC Vulnerability Severity
DevSecOps App Task Started At
DevSecOps IaC Vulnerability
DevSecOps LGTM Project Config
DevSecOps Developer Email
DevSecOps Before Commit ID
DevSecOps App Task PR ID

Incident Types

Name	Description
DevSecOps New Git PR

Indicator Fields

Name	Description
DevSecOps SAST Category
DevSecOps Rule ID
DevSecOps Commit ID
DevSecOps SAST Precision
DevSecOps Message
DevSecOps SAST Severity

Integrations

Name	Description
LGTM (Community Contribution)	An Integration with LGTM API
Docker Engine API (Community Contribution)	The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.
GitLab (Deprecated) (Community Contribution)	Deprecated. Use GitLab v2 in GitLab Pack instead.
MinIO (Community Contribution)	An Integration with MinIO Object Storage.

Playbooks

Name	Description
DevSecOps - Fetch PR - Triage	A CodeQL Code Analysis Playbook
DevSecOps - LGTM - Analysis - SubPB v2	A CodeQL Code Analysis Playbook
DevSecOps - Prisma - Analysis -SubPB	Prisma Task Analysis Playbook
DevSecOps - LGTM - Analysis - SubPB	A CodeQL Code Analysis Playbook
DevSecOps - Fetch PR - Triage V2	A PR Triage Playbook

Indicator Types

Name	Description
DevSecOps IaC Scan Alert
DevSecOps SAST Alert
DevSecOps Git Commit

Required Content Packs (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
GitHub	By: Cortex XSOAR
Slack	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (9)

Pack Name	Pack By
Slack	By: Cortex XSOAR
Base	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Common Types	By: Cortex XSOAR
IAM SCIM	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
GitHub	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

1.1.8 - 7209615 (December 19, 2023)

Fixed an issue where images with special chars were not displyed properly in the pack README file.

Related pull requests:
- 31421

Download

1.1.7 - 6647170 (October 19, 2023)

Integrations

MinIO

Fix an issue where the parameter bucket_name had an predefined value to empty string which show a dropdown menu for the minio-put-object and minio-fput-object commands. It fix the same issue on the parameter length for the minio-get-object command
New commands added: <br /> minio-copy-object: Create an object by server-side copying data from another object. <br /> minio-set-tag: Set tags configuration to an object. <br /> minio-get-tags: Get tags configuration of an object.

Related pull requests:
- 30132
- 30298

Download

1.1.6 - R5801668 (July 18, 2023)

Integrations

Docker Engine API

Updated the Docker image to: demisto/python3:3.10.12.63474.

LGTM

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27936

Download

1.1.5 - 5567341 (June 19, 2023)

Integrations

GitLab (Deprecated)

Fixed an issue where a default argument value was missing in some commands.

Related pull requests:
- 27443

Download

1.1.4 - R5450895 (June 5, 2023)

Integrations

Docker Engine API

Updated the Docker image to: demisto/python3:3.10.11.54132.

LGTM

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25971

Download

1.1.3 - 4727595 (March 2, 2023)

Integrations

Docker Engine API

Updated the Docker image to: demisto/python3:3.10.10.48392.

LGTM

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24986

Download

1.1.2 - R4718798 (March 1, 2023)

Layouts

New Git PR
This item is no longer supported in XSIAM.

Related pull requests:
- 24222

Download

1.1.1 - 4013107 (November 10, 2022)

Integrations

GitLab (Deprecated)

Deprecated. Use GitLab v2 in GitLab Pack instead.
Updated the Docker image to: demisto/python3:3.10.7.35188.

Related pull requests:
- 21695
- 21830
- 21863
- 21996
- 22018
- 22029
- 14484
- 14439
- 14469
- 14483
- 14380
- 14422
- 14465
- 14442
- 14490
- 14492
- 14493
- 14130
- 14489
- 14382
- 14502
- 14124
- 14482
- 14503
- 14499
- 14466
- 12770
- 14501
- 14375
- 12795
- 14350
- 14507
- 13848
- 14378
- 13857
- 14512
- 14384
- 14516
- 14500
- 14481
- 14464
- 14522
- 14459
- 14525
- 14523
- 14076
- 14532
- 14368
- 14519
- 14455
- 13905
- 14537
- 14540
- 14538
- 14372
- 14072
- 14524
- 14498
- 14536
- 14302
- 14550
- 14505
- 14542
- 14468
- 14555
- 14556
- 14541
- 14526
- 14552
- 12335
- 14529
- 14561
- 14470
- 14331
- 13676
- 14475
- 11589
- 14568
- 14569
- 14565
- 13875
- 14558
- 13550
- 14578
- 14579
- 13902
- 14583
- 14511
- 14557
- 14585
- 14587
- 14476
- 14451
- 14596
- 14553
- 14517
- 14508
- 14605
- 14609
- 14607
- 14599
- 14480
- 14600
- 14545
- 14608
- 14604
- 14548
- 14543
- 14602
- 14590
- 14430
- 14611
- 14614
- 14376
- 14613
- 14612
- 14531
- 14591
- 13994
- 14564
- 14615
- 13924
- 14352
- 14626
- 14635
- 14633
- 14632
- 14622
- 14634
- 14625
- 14631
- 14636
- 14598
- 22028

Download

1.1.0 - 3250424 (July 12, 2022)

Integrations

Docker Engine API

Fixed certificate parameter type
Added CA cert parameter
Added Registry authentication
Added Commands:
- docker-container-delete
- docker-image-delete
- docker-image-create
- docker-image-push
- docker-image-tag
Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 19747
- 20009

Download

1.0.10 - 2507216 (March 3, 2022)

Integrations

GitLab

Fixed an issue where the trigger_token param type was wrong.
Updated the docker image to demisto/python3:3.10.1.26972

Download

PUBLISHER

Ayman Mahmoud

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	May 30, 2021
Last Release	December 19, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.