Azure Pipelines is a cloud-based continuous integration and continuous delivery (CI/CD) service that automates building, testing, and deploying applications across multiple platforms and environments.
This guide explains how to automate the AppSweep security scanning in an Azure Pipeline.
Prerequisites
Make sure you have set up the AppSweep Gradle plugin and created an API key for your application.
Note: The AppSweep Gradle plugin is only compatible with Gradle versions below 8.7.
Azure pipeline configuration
Add the Gradle task as a stage of your existing build pipeline. To do so, add the following block to your azure-pipelines.yml file replacing gs_appsweep_**** with your own AppSweep API key:
- task: Gradle@3
inputs:
tasks: 'uploadToAppSweepDebug'
env:
APPSWEEP_API_KEY: gs_appsweep_****
Note: for release builds change the command to ./gradlew uploadToAppSweepRelease.
As a result, your debug app will be uploaded to AppSweep as the final stage of your pipeline, after which you can check the build status in AppSweep’s web UI.
You can access the URL of your AppSweep build directly from the logs of the Gradle task in Azure.