Run Demisto SDK validations from within a docker container.
Use the Docker image to run Demisto SDK commands locally or as a CI/CD process.
Danger
To use the Demisto SDK, create a content repository for Cortex XSOAR content in a structure that matches the official Cortex XSOAR content repository.
You can generate your repository from this template.
The Demisto SDK uses volume mounts to run on the local content repository, which may cause slowness on macOS or Windows. To optimize performance use one of the following:
A Linux machine
Get the Docker image
Pull the Docker image with docker pull demisto/demisto-sdk:<tag>
The latest tags are in the Docker hub here.
Environment variables
Some commands such as demisto-sdk upload
and demisto-sdk run
need the following environment variables to communicate with your Cortex XSOAR server.
Environment Variable | Description |
---|---|
| The URL of the Cortex XSOAR server. |
| The API key. |
| Whether to verify SSL certificates. |
To pass the variables, do one of the following:
Add the
--env
option, for example:docker run --env DEMISTO_BASE_URL="https://xsoar.com:443" <rest of the command>
Use an
.env
file, for example:DEMISTO_BASE_URL="https://xsoar.com:443" DEMISTO_API_KEY="xxxxxxxxxxxxx"
Pass the variables with the following command:
docker run --env-file .env <rest of the command>
Run Docker in Docker (Docker Daemon binding)
Docker Inside Docker involves running Docker within a Docker container. Instead of interacting with the host's Docker daemon, a new Docker engine is spawned within a container, providing an isolated environment for managing containers and images. It enables creating isolated, reproducible, and secure environments within Docker containers.
To implement Docker in Docker behavior, you need to mount the Docker Daemon container to use Docker commands from within a Docker container by binding the Docker Daemon as follows:
--mount source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind
Command arguments
Argument | Description |
---|---|
| Creates a container (if one does not exist) and runs the following command inside it. |
| Keeps the stdin open and connects tty. |
| Removes the Docker container when done (omit this to reuse the container in the future). |
| Connects the pwd (if you're in content) to the container's content directory. |
| Binds the Docker Daemon to the container to enable running Docker in Docker. |
| The Docker image name. Replace the tag with the locked version, it can be found in the Docker Hub). |
| The Demisto SDK command to run inside the container. |
Create an alias to a command
Creating an alias to a command makes it easier to use the command. You can do this by adding the following line to your shell configuration files:
alias demisto-sdk="docker run -it --rm \ --mount type=bind,source="$(pwd)",target=/content \ --mount source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind \ demisto/demisto-sdk:<tag>"
Use the validate command
For more information about the validate
command, see validate.
docker run -it --rm \ --mount type=bind,source="$(pwd)",target=/content \ --mount source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind \ demisto/demisto-sdk:<tag> \ demisto-sdk validate -i Packs/ipinfo/Integrations/ipinfo_v2