DevSecOps v1.1.17
DevSecOps CI/CD Orchestration Integration Pack.
- Author:
- Ayman Mahmoud
- Support:
- community
Classifiers (2)
Incident fields (89)
- DevSecOps After Commit ID
- DevSecOps Analysis ID
- DevSecOps App Task Action
- DevSecOps App Task App ID
- DevSecOps App Task App Name
- DevSecOps App Task Completed At
- DevSecOps App Task Conclusion
- DevSecOps App Task Head Commit
- DevSecOps App Task Id
- DevSecOps App Task Name
- DevSecOps App Task Output Summary
- DevSecOps App Task Output Title
- DevSecOps App Task Owner Login
- DevSecOps App Task PR ID
- DevSecOps App Task PR Number
- DevSecOps App Task Started At
- DevSecOps App Task Status
- DevSecOps Before Commit ID
- DevSecOps CodeQL Alerts
- DevSecOps Commit Author
- DevSecOps Commit Committer
- DevSecOps Commit ID
- DevSecOps Commit Message
- DevSecOps Commit Modified Files
- DevSecOps Commit TimeStamp
- DevSecOps Commit Tree ID
- DevSecOps Commit URL
- DevSecOps Developer Email
- DevSecOps Developer Name
- DevSecOps Git Issue Details
- DevSecOps Git Issue Number
- DevSecOps Git Pusher Name
- DevSecOps Head Commit Author
- DevSecOps Head Commit Commiter
- DevSecOps Head Commit ID
- DevSecOps Head Commit Message
- DevSecOps Head Commit TimeStamp
- DevSecOps Head Commit Tree ID
- DevSecOps Head Commit URL
- DevSecOps IaC Vulnerability
- DevSecOps IaC Vulnerability Description
- DevSecOps IaC Vulnerability Severity
- DevSecOps IaC Vulnerable Files
- DevSecOps LGTM Analysis ID
- DevSecOps LGTM Analysis Logs URL
- DevSecOps LGTM Analysis Project ID
- DevSecOps LGTM Analysis Results URL
- DevSecOps LGTM Analysis Status
- DevSecOps LGTM Project Config
- DevSecOps LGTM Project Grade
- DevSecOps LGTM Project ID
- DevSecOps LGTM Project Language
- DevSecOps LGTM Project Name
- DevSecOps LGTM Project Status
- DevSecOps LGTM Project URL
- DevSecOps Language
- DevSecOps Organization Name
- DevSecOps PR Action
- DevSecOps PR Additions
- DevSecOps PR Assignee
- DevSecOps PR Assignees
- DevSecOps PR Base Label
- DevSecOps PR Base Size
- DevSecOps PR Body
- DevSecOps PR Branch
- DevSecOps PR Changed Files
- DevSecOps PR Closed At
- DevSecOps PR Comments
- DevSecOps PR Commits
- DevSecOps PR Created At
- DevSecOps PR Deletions
- DevSecOps PR Head Commit
- DevSecOps PR Head ID
- DevSecOps PR Head Open Issues
- DevSecOps PR ID
- DevSecOps PR Installation ID
- DevSecOps PR Mergeable State
- DevSecOps PR Number
- DevSecOps PR Pushed At
- DevSecOps PR Size
- DevSecOps PR State
- DevSecOps PR Title
- DevSecOps PR Updated At
- DevSecOps PR Watchers
- DevSecOps Project ID
- DevSecOps Repository ID
- DevSecOps Repository Name
- DevSecOps Repository Organization
- DevSecOps Repository URL
Incident types (1)
Indicator fields (6)
- DevSecOps Commit ID
- DevSecOps Message
- DevSecOps Rule ID
- DevSecOps SAST Category
- DevSecOps SAST Precision
- DevSecOps SAST Severity
Indicator types (3)
- DevSecOps_Git_Commit
- DevSecOps_IaC_Scan_Alert
- DevSecOps_SAST_Alert
Integrations (4)
- Docker Engine API
- GitLab Deprecated
- LGTM
- MinIO
Layouts (1)
README
DevSecOps content pack contains multiple integrations and playbooks to help shifting security as left as the planning stage of a continues integration pipeline and make DevSecOps orchestration to be within reach.

While CI/CD orchestration tools such as Jenkins, CircleCI and others were primarily built by and to developers, SOAR is better positioned to bridge this orchestration gap between DevOps and SecOps for the following reasons:

- CI/CD orchestration pipelines are arguably easy to read and troubleshoot by developers , SOAR provides the same orchestration workflow in two different formats that are readable by both Developers and Security Analysts.

- SOAR provides way more to a DevSecOps Eco-System than CI/CD Orchestrator does:
- Collaboration between teams members in the Eco-System.
- Cases management.
- Central reporting and long list of out of box integrations with security tools.
With SOAR integrations, playbooks, fields, XSOAR can be turned into a DevSecOps Orchestrator that taps in a DevSecOps Eco-System and solve for a spectrum of use cases in different stages of CI/CD piplines.

From threat-modeling in the Planning stage to IaC security in Dev, static code analysis in Build, post deployment scans in Deploy and Monitoring/Responding to incidents once the code is running in production.

This content pack will be updated with more integrations with different software factory tools:
- IDE’s
- Code Repo Providers
- CI/CD Orchestrators
- Code Compilers/Builders/Packagers
- Workload Orchestration Platforms
- Configuration Automation Tools
- Threat Modelers
- SAST/DAST/IAST Tools
- Vulnerability Scanners
- Networks Security Tools
- Asset Management Tools
- Log Management Tools
- Ticketing Systems
This version of the pack has four integrations :
- LGTM, a SAST cloud service built on CodeQL
- GitLab, a source code management platform
- Docker Engine, an open source containerization platform
- MinIO, a high-performance object storage suite
A new incident type along with new fields:
- DevSecOps New Git PR
A new playbook:
- A PR triage Playbook that parse and record the PR details once fetched by the Github integration.