validate - Demisto SDK Guide - Cortex

Abstract

The validate command validates YAML, JSON, and MD files to verify they are in compliance with Cortex standards.

This command ensures that the content repository files are valid and are able to be processed by the platform. This is used in our validation process both locally and in Gitlab.

Argument	Description
-g, --use-git	Validates changes using Git, checking the current branch's changes against origin/master. If the `--post-commit` flag is supplied, validation runs only on the current branch's changed files that have been committed. If the `--post-commit` flag is not supplied, validation runs on all changed files in the current branch, both committed and not committed.
-a, --validate-all	Whether to run all validation on all files.
-i, --input	The path of the content pack/file to validate specifically.
-pc, --post-commit	Whether the validation should run only on the current branch's committed changed files. This applies only when the `-g` flag is supplied.
-st, --staged	Whether the validation should run only on the current branch's staged files. This applies only when the `-g` flag is supplied.
--prev-ver	The previous branch or SHA1 commit to run checks against.
--no-multiprocessing	Run validate all without multiprocessing, for debugging purposes.
-j, --json-file	The JSON file path to which to output the command results.
--category-to-run	Run specific validations by stating the category they're listed under in the config file.
-f, --fix	Whether to auto fix failing validations with an available auto fix.
--config-path	Path for a config file to run. If not given, the config file will run the default path at: demisto_sdk/commands/validate/default_config.toml
--ignore-support-level	Whether to skip validations based on their support level.
--run-old-validate	Whether to run the old validate flow. Alternatively, you can configure the RUN_OLD_VALIDATE environment variable.
--skip-new-validate	Whether to skip the new validate flow. Alternatively, you can configure the SKIP_NEW_VALIDATE environment variable.
-sv, --run-specific-validations	A comma-separated list of validations to run for the stated error codes.
--ignore	Specifies an error code to not run. To ignore more than one error, repeat this option (for example --ignore AA123 --ignore BC321).

demisto-sdk validate --prev-ver SHA1-HASH
Validates only changed files from the branch (for SHA1 hash files).
demisto-sdk validate --post-commit
Runs a post commit.
demisto-sdk validate -i Packs/HelloWorld/Integrations/HelloWorld/HelloWorld.yml
Validates only the Packs/HelloWorld/Integrations/HelloWorld/HelloWorld.yml file.
demisto-sdk validate -a
Validates all files under the Packs directory.
demisto-sdk validate -i Packs/HelloWorld
Validates all files under the HelloWorld content pack.
demisto-sdk validate --run-old-validate --skip-new-validate -a
Validates all files in the repository using the old validate method.
demisto-sdk validate --config-path {config_file_path} -a
Validates all files in the repository using the settings configured in the config file in the given path.

Each error found by the validate command has an error code attached to it. The error code is in brackets preceding the error itself.

Example 4.

path/to/file: [IN103] - The type field of the proxy parameter should be 8.

In addition, each pack has a .pack-ignore file. In order to ignore a certain validation for a given file, the error code needs to be listed in the ignorable_errors section in the validation config file, with the file name (only the name and extension, without the whole path) and the error code to ignore.

Example 5.

If the validation config file ignorable_errors section contains [file:ipinfo_v2.yml] ignore=BA108,BA109, the .pack-ignore file will not fail the ipinfo_v2.yml file on validations that generate error codes BA108 and BA109.

You can define a validation config file to meet your specific requirements. If no file is defined, the default config file is used. The default configuration includes basic validation checks that ensure only valid content is uploaded to Cortex XSOAR, preventing any faulty or incorrect content from being uploaded.

Config file sections

Sections are defined in brackets [] in the validation config file. You can define the following sections:

ignorable_errors: A list of the error codes that can be ignored for individual content items in the .pack-ignore file.
path_based_validations: The configurations to run when running with the -a / -i flags.
use_git: The configurations to run when running with the -g flag.
support_level.<support_type>: The validations to ignore based on the content item support level. support_type is either xsoar, partner, or community. to ignore this feature in some of the calls, use the --ignore-support-level flag.
Custom sections can be configured to run with the category-to-run flag. Two example custom categories are given with the default config file:
- xsoar_best_practices_use_git: The recommended set of validations to run when running with -g, it may be modified from time to time.
- xsoar_best_practices_path_based_validations: The recommended set of validations to run when running with -a / -i, it may be modified from time to time.

Section options

Each section has the following options:

select - The validations to run.
warning - Set a validation to only throw a warning and not fail the flow.

Example 6.

To run only BA101 error validation:

[custom_category]
select = ["BA101"]

Example 7.

To run all the validations with error codes BA100, BA101, and BA102, except for BA102 for community supported files:

[custom_category]
select = ["BA100", "BA101", "BA102"]
[support_level.community]
ignore = ["BA102"]