Develop an app using the Splunk SOAR SDK

Description of setting up and requirements for using the Splunk SOAR SDK

The Splunk SOAR Software Development Kit (SDK) is a newer tool that streamlines the process of developing and testing your app. With the SDK, you can use your own development workstation with your preferred code editor. Note the following supported and unsupported development platforms:
Supported Development PlatformUnsupported Development Platform
Mac Windows
Linux

To get started with the Splunk SOAR SDK, follow these steps:

  1. Install uv. You will use this tool to manage your app’s Python dependencies.

  2. Install Python 3.9 and 3.13, the two Python versions currently supported by Splunk SOAR. To install these versions, run the following command: uv python install 3.9 3.13

  3. Install the Splunk SOAR SDK to have access to the soarapps command line tool. To install, run the following command: uv tool install splunk-soar-sdk

  4. To create a new directory containing code for your apps, run the following command: soarapps init You are prompted for various pieces of information, including what you want to name this directory.

  5. Use your favorite text editor or IDE to open the directory you just created.

Use the Splunk SOAR SDK

To learn more about the components of an SDK-created app and learn how to create apps with the SDK, see the Splunk SOAR SDK documentation in GitHub.

For help with the SDK, file an issue on GitHub.

Convert an existing SOAR app to use the SDK

If you already have an app that was built using the App Wizard, you can convert it to use the SDK instead. Read more about details of the conversion process after the basic steps described here.

To convert existing apps created with the App Wizard to use the SDK instead, follow these steps:

  1. Download the code for your existing app code onto your development workstation. Then extract it from the TGZ archive.

  2. Open your terminal and navigate to the directory where you extracted the code.

  3. To create a new SDK codebase with your app's existing assets and actions, run the following command: soarapps convert By default, this new codebase is created in the sdk_app directory.

  4. Open this directory in your favorite text editor or IDE.

convert command details

The convert command automatically migrates all of the following features of your app:

  • App metadata, including the name, description, license, and logos

  • Any Python dependencies specified in requirements.txt

  • Configuration parameters for your app’s asset

  • App asset: configuration parameters

  • App actions: names and descriptions, input and output parameter types

The convert command has the following limitations:

  • The command creates an empty handler function for each of your app’s actions. The logic for these actions cannot be migrated automatically, so you must write the logic of these actions yourself.

  • The command does not migrate custom views, custom REST handlers, or app webhooks. You must re-implement these yourself using the SDK. The SDK does not support custom REST handlers, so you must convert them to app webhooks.