Demisto SDK usage and configuration - Demisto SDK Guide - Cortex - Security Operations

Demisto SDK Guide

Creation date
Last date published
Demisto SDK Guide

Demisto SDK configurations and usage - content path, private repositories, CLI, Docker images, version check, offline use, license, CI/CD, and contributions to the SDK.

Content path

The Demisto SDK  is designed to work with Cortex content, structured similarly to the official Cortex content repo. We recommend running Demisto SDK commands from the content directory or any of its subfolders. To run Demisto SDK commands from other folders, you can set the DEMISTO_SDK_CONTENT_PATH environment variable.

We recommend running all Demisto SDK commands from a folder with a git repo, or any of its subfolders. To suppress warnings about running commands outside of a content repo folder, set the DEMISTO_SDK_IGNORE_CONTENT_WARNING environment variable. If git is not installed or if you try to run Demisto SDK commands on a repository that is not a git repository, the SDK will exit.


Log files are generated and stored automatically by default in the user's home directory:

  • Linux / macOS $HOME/.demisto-sdk/logs

  • Windows %USERPROFILE%\.demisto-sdk\logs

The default directory can be overridden by using the --log-file-path flag or the DEMISTO_SDK_LOG_FILE_PATH environment variable.

Use the SDK in private repositories

If you are using a private GitHub repository, some SDK functions require an interaction with Git. To use the SDK, set up your GitHub token. Generate your token on GitHub and then run: export DEMISTO_SDK_GITHUB_TOKEN=<token>.

For a private repository and an unconfigured DEMISTO_SDK_GITHUB_TOKEN environment variable, files will be fetched from the remote branch of the local repo.

CLI usage

Run SDK commands from the CLI by following this structure: demisto-sdk <command_name> <command_arguments>. If you are not sure of the available commands, run demisto-sdk -h to view a full list of available commands and a short description of each command. To view the list of arguments available for a command and their descriptions, run demisto-sdk <command_name> -h.

Run using Docker image

You can run the Demisto SDK using a docker image. For more details, see Demisto SDK Docker.

Version check

demisto-sdk checks against the GitHub repository releases for a new version every time it runs and issues a warning if you are not using the latest version. If you wish to skip this check you can set the environment variable: DEMISTO_SDK_SKIP_VERSION_CHECK. For example: export DEMISTO_SDK_SKIP_VERSION_CHECK=yes

Internet connection

An internet connection is required for the following commands to work properly:

  • format

  • validate

  • update-release-notes

The following commands may only work partially without an internet connection:

  • download - will fail when using the -fmt, --run-format argument

  • lint - will fail when creating the image

  • generate-test-playbook - cannot upload the test playbook after the generation

When working offline (or in an air-gapped environment), set the DEMISTO_SDK_OFFLINE_ENV environment variable to true: export DEMISTO_SDK_OFFLINE_ENV=TRUE. When this variable is set, Demisto SDK features requiring an internet connection will not attempt to run, saving time and avoiding errors.


MIT - See license for more information.


For information regarding CI/CD, please see this article.

Contributions to Demisto SDK

Contributions are welcome and appreciated. For information see Contribute to Demisto SDK. The contribution guide includes information on how to set up your demisto-sdk dev environment. The development environment is connected to the branch you are currently using in the SDK repository.