Skip to main content


Download With Dependencies

DevSecOps CI/CD Orchestration Integration Pack.

DevSecOps content pack contains multiple integrations and playbooks to help shifting security as left as the planning stage of a continues integration pipeline and make DevSecOps orchestration to be within reach.

While CI/CD orchestration tools such as Jenkins, CircleCI and others were primarily built by and to developers, SOAR is better positioned to bridge this orchestration gap between DevOps and SecOps for the following reasons:

  • CI/CD orchestration pipelines are arguably easy to read and troubleshoot by developers , SOAR provides the same orchestration workflow in two different formats that are readable by both Developers and Security Analysts.
  • SOAR provides way more to a DevSecOps Eco-System than CI/CD Orchestrator does:
    • Collaboration between teams members in the Eco-System.
    • Cases management.
    • Central reporting and long list of out of box integrations with security tools.

With SOAR integrations, playbooks, fields, XSOAR can be turned into a DevSecOps Orchestrator that taps in a DevSecOps Eco-System and solve for a spectrum of use cases in different stages of CI/CD piplines.

From threat-modeling in the Planning stage to IaC security in Dev, static code analysis in Build, post deployment scans in Deploy and Monitoring/Responding to incidents once the code is running in production.

This content pack will be updated with more integrations with different software factory tools:

  • IDE's
  • Code Repo Providers
  • CI/CD Orchestrators
  • Code Compilers/Builders/Packagers
  • Workload Orchestration Platforms
  • Configuration Automation Tools
  • Threat Modelers
  • Vulnerability Scanners
  • Networks Security Tools
  • Asset Management Tools
  • Log Management Tools
  • Ticketing Systems

This version of the pack has four integrations :

  • LGTM, a SAST cloud service built on CodeQL
  • GitLab, a source code management platform
  • Docker Engine, an open source containerization platform
  • MinIO, a high-performance object storage suite

A new incident type along with new fields:

  • DevSecOps New Git PR

A new playbook:

  • A PR triage Playbook that parse and record the PR details once fetched by the Github integration.


Ayman Mahmoud


Cortex XSOARCortex XSIAM


Supported ByCommunity
CreatedMay 30, 2021
Last ReleaseOctober 19, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.