Azure Pipelines is a cloud-based continuous integration and continuous delivery (CI/CD) service that automates building, testing, and deploying applications across multiple platforms and environments.
This guide explains how to automate the AppSweep security scanning in an Azure Pipeline.
Azure pipeline configuration
In your typical Android app build, you will already build the app using Gradle.
Uploading the generated app can be done as a separate, subsequent step in your pipeline script.
- task: Bash@3
inputs:
targetType: 'inline'
script: |
APPSWEEP_CLI_DIR=$(mktemp -d)
curl --retry 3 \
--retry-max-time 120 \
--retry-all-errors \
-sS https://platform.guardsquare.com/cli/install.sh | sh -s -- --yes \
--bin-dir "$APPSWEEP_CLI_DIR"
$APPSWEEP_CLI_DIR/guardsquare scan YOUR_APP_BINARY
env:
APPSWEEP_API_KEY: $(APPSWEEP_API_KEY)
The following two parameters need to be replaced directly in the script:
YOUR_APP_BINARYshould point to the app created by the Gradle step, e.g.,./app/build/outputs/apk/debug/app-debug.apkTo associate the build with an app on appsweep.guardsquare.com, you need to create an AppSweep API key on appsweep.guardsquare.com, and create an
Azure pipeline secret:
The full pipeline can look something like this:
As a result, your app will be uploaded to AppSweep, after which you can check the build status in AppSweep’s web UI.
You can access the URL of your AppSweep build directly from the logs of step:
