App developer

The app developer is the person who develops apps for the IBM Security Orchestration & Automation application to access and return external data, interact or integrate with other security systems, or work as a utility that performs a specific action.

The programming environment and tools vary depending on the type of app that you want to develop:
  • Use the SDK to write apps based on functions. The apps are written in Python, and can be compiled in the container-based format or the extension format for use with earlier releases of the Orchestration & Automation.
  • Use Circuits and the integration server to write apps based on custom actions. Unlike an app based on functions, custom actions populate a custom field or data table within the Orchestration & Automation application, where a function returns the results to the workflow that invoked the function. Custom actions are a more technical complement to functions. They allow developers to build an application that combines integration activities in specific ways. Custom actions are used to provide a single prescriptive solution that might include additional capabilities but usually gives system administrators less flexibility.
  • Use REST API endpoints to write a custom threat service if you want to add a threat source not currently available from the Orchestration & Automation application.
  • Write directly to the REST API to create a plug-in for a tighter integration than is possible with an app. You can write an plug-in in any language that allows TLS connections to a message broker using the STOMP or ActiveMQ (OpenWire) protocol. The typical programming languages are Python and Java. If you use a Java-based language, typically you would use the ActiveMQ client library, which uses the OpenWire protocol. There are libraries that support STOMP and are available for most modern programming languages. To use Java or any other language, you should be familiar with the API.