Playbook of the Week: Automating CI/CD Pull Requests in GitHub

This blog was authored by Shelly Tzohar.

Continuous integration and delivery (CI/CD) is the set of processes that helps DevOps teams build and deliver high-quality software quickly. Integrating security into CI/CD typically involves adding security checks or safeguards to each key stage of the CI/CD pipeline. With Cortex XSOAR, the CI/CD process helps to develop and maintain content for complex content development using the full functionality of a Git repository, enabling you to run unit tests, code reviews, run test playbooks, etc. Instead of building and maintaining code on a Cortex XSOAR development environment, you can build content from your own repository, build servers, and utilize third-party tools.

For Cortex XSOAR users who have built their own custom content like scripts, playbooks, and integrations, we have built a content pack to help make it easier to manage all custom content via a defined repository. The XSOAR CI/CD content pack is intended to help security engineers develop, test, review, implement, and maintain content in a smooth and secure process.

The automations included in this content pack allow for the installation of custom content and artifact repositories such as AWS S3 and Google Cloud storage. The pack is used to make sure that content that is developed is implemented in your environment while making sure that changes you make to your content does not break existing flows. In addition, you can manage your content in a single, yet separate, repository with the out-of-the-box content provided by Cortex XSOAR and track the versioning of your content to support rolling back, if necessary.

The CI/CD content pack was recently updated to make it easier for users to push new and updated content to a pull request across multiple git platforms such as GitHub, GitLab and Bitbucket. Let’s dive deeper into how you can automate pull requests with Cortex XSOAR.

Automate Our Pull Request with Cortex XSOAR CI/CD

First, ensure you have the Cortex XSOAR CI/CD content pack installed from the Marketplace.

There are two options in the pull request management:

• Pull Request Creation to create a new pull request in your repository
• Pull Request Update to update an existing pull request in your repository

How Does It Work?

The main playbook will receive the following arguments:

• Channel name - Used in order to send a message after the playbook is done running
• Pull Request Template - This is the template of the PR that you’ll want to see once it opens
• Main Branch - The name of the branch you want the changes pulled into, which must be an existing branch on the current repository.
• Git Integration - To select which version control integration to use.

After the initial configuration, create an incident, include the custom content zip you want to push, choose the playbook Pull Request Creation - Generic, and let XSOAR do the rest.

The playbook will retrieve the zip file and unzip it, then according to the git integration choice, it will go to the applicable sub playbook and create the pull request for you. After it is complete, if a channel name was provided, you’ll get a notification with the link to the pull request.

For a more detailed walkthrough of this pack, visit the Cortex XSOAR Developer Doc or read the Reference Article.

Don’t have Cortex XSOAR? Download our free Community Edition today to test out this playbook and hundreds more automations for common use cases you deal with daily in your security operations or SOC.