Question

Using custom Python SDK in SOAR integration

  • October 23, 2025
  • 2 replies
  • 79 views

GaurangPatel

I am working on an integration for which the SDK is available on GitHub, but it is not registered on PyPI. I wanted to check whether I can use that SDK to create my integration.

I am able to add custom .whl files to my integration in the SecOps SOAR IDE, but I want to make sure that it’s allowed to use such libraries and include custom .whl files when submitting the integration to the marketplace.

 

Any feedback is appreciated.

Thanks.

cc: @talshapir @ylandovskyy

2 replies

TDRez
Staff
  • Staff
  • October 28, 2025

Security & Code Restrictions

This is the most critical limitation. The SOAR platform runs all custom code—whether typed into the IDE or imported via a library—within a secure, managed environment. This environment actively blocks certain high-risk functions.

  • Forbidden Functions: Your code (and any library you import) must not call a specific list of restricted Python expressions. These are primarily functions that allow for shell execution, subprocess creation, or OS-level commands.
  • Restricted Modules: This includes, but is not limited to, functions from:
      • os (e.g., os.system, os.execl, os.popen)
      • subprocess (e.g., subprocess.Popen, subprocess.call)

If your .whl file contains code that attempts to use these functions, it will be blocked by the platform's custom code validation.

Technical & Environment Limitations

To ensure your package runs correctly, it must be compatible with the SOAR integration's runtime environment.

  • Python Version: Integrations now support Python 3.11 (with older versions like 3.7 being deprecated). Your wheel file must be compatible with this Python version. A wheel built for Python 3.6, for example, will likely fail.
  • Operating System: The integration environment runs on a Linux-based system (specifically, it must support CentOS 7 or later).
  • Pure-Python Wheels: If your package is 100% Python, you will not have issues.
  • Binary/C-Extension Wheels: If your package includes compiled C extensions (e.g., for performance), it must be a manylinux compatible wheel. A wheel built specifically for Windows (win_amd64) or macOS will not work.
  • Size Limit: There is a 500 MB maximum size for all libraries added to a single IDE integration. This includes all .whl, .tar.gz, or .py files combined.
  • Virtual Environment: Each integration runs in its own virtual environment. This is a benefit, as it allows you to package specific versions of libraries (e.g., requests==2.25.0) without worrying about conflicts with other integrations or the base system.


Use the IDE
SOAR release notes
Requirements for publishing integrations
Understand service limits
Create your first custom integration
Build a custom integration | Google Security Operations


GaurangPatel
  • Author
  • Bronze 1
  • October 30, 2025

Thanks @TDRez

I believe the library I’m using does not use any restricted methods. So, if I’ve tested my actions and everything is working fine, I should be good to submit it to the marketplace. If it were using any restricted methods, it would be blocked by the platform’s custom code validation. As my actions are running perfectly, it shouldn’t cause any issues during the publishing process.

If the expectation is that these methods should not be present in the package at all, could you please share or point me to any scanner that can identify the use of such methods? I can then make the necessary changes if required.

Thanks again!
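
An added example (not part of the thread, and not the platform's own validator): a static pre-submission check that opens a .whl and flags the calls named in the staff reply above, resolving import aliases along the way. The `RESTRICTED` set covers only those five calls because the platform's full list is not given on this page; `sample_wheel` and the `vendor_sdk` file names are constructed for illustration.

```python
import ast, io, zipfile

# Only the calls named in the staff reply; the platform's full list is not on this page.
RESTRICTED = {"os.system", "os.execl", "os.popen", "subprocess.Popen", "subprocess.call"}

def dotted(node):  # 'a.b.c' for a Name/Attribute chain, else None
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def scan_source(source, filename="<src>"):
    """Return sorted (filename, line, call) tuples, resolving import aliases."""
    tree, alias, found = ast.parse(source, filename), {}, []
    for n in ast.walk(tree):  # pass 1: map local names to qualified names
        if isinstance(n, ast.Import):
            for a in n.names:
                root = a.name.split(".")[0]
                alias[a.asname or root] = a.name if a.asname else root
        elif isinstance(n, ast.ImportFrom) and n.module:
            for a in n.names:
                alias[a.asname or a.name] = f"{n.module}.{a.name}"
    for n in ast.walk(tree):  # pass 2: check every call target
        name = dotted(n.func) if isinstance(n, ast.Call) else None
        if name:
            head, dot, rest = name.partition(".")
            full = alias.get(head, head) + dot + rest
            if full in RESTRICTED:
                found.append((filename, n.lineno, full))
    return sorted(found)

def scan_wheel(wheel):
    """Scan every .py member of a wheel (a path or a binary file object)."""
    found = []
    with zipfile.ZipFile(wheel) as zf:
        for name in (m for m in zf.namelist() if m.endswith(".py")):
            try:
                found += scan_source(zf.read(name).decode("utf-8", "replace"), name)
            except SyntaxError:
                found.append((name, 0, "unparsable"))  # needs manual review
    return found

def sample_wheel():
    """Constructed wheel for demonstration; package and file names are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("vendor_sdk/client.py", "import requests\n")
        zf.writestr("vendor_sdk/util.py", "import subprocess as sp\nfrom os import popen\nsp.Popen(c)\npopen(c)\n")
    return io.BytesIO(buf.getvalue())
```

A clean result from a static check like this does not cover dynamic access (for example `getattr(os, "system")`) or compiled extensions in the wheel, so it complements the platform's custom code validation rather than predicting its outcome.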