All that is required to run MobSF in the ci
This repo is no longer maintained, it is kept here only as a reference.
This repo contains all the is required to run MobSF in the CI. MobSF is a security tool that can scan APK/IPA and report various security issues. By running it in the CI, you can find those issues earlier, and fix them. To learn more about what it MobSF and what it can detect, checkout the blog post.
The easiest way to use this repo is by using docker app. Simply run:
docker-app render omerl/mobsf-ci:0.3.0 --set target_folder=<path to the folder that contains the APK> --set target_apk=<apk name> --set output_folder=<path to folder where the report will be written> | docker-compose -f - up --exit-code-from scan
To parse the report, use Glue - see in the next section how.
target
in the root folder, and place the target there (e.g. target/my_app.apk
).TARGET_PATH='target/<name of the target>' docker-compose up --build --exit-code-from scan
output/report.json
.docker run -it -v $(pwd)/output:/app owasp/glue:raw-latest ruby bin/glue -t Dynamic -T /app/report.json --mapping-file mobsf --finding-file-path /app/android.json -z 2