While CI pipelines are common for security scanning, you can speed up feedback by integrating AppSweep directly into Xcode.
This guide shows how to automatically trigger scans when building an xcarchive.
Prerequisites
1. Install Guardsquare CLI in your CI environment
2. Create an API key from AppSweep application settings
3. Set the APPSWEEP_API_KEY environment variable in CI to the created key
Xcode Integration
1. Open the scheme editor
2. Configure a Post-Action
Select the "Archive" step
Navigate to "Post-actions"
Click "New Run Script Action"
3. Set Build Settings
Ensure you select the build settings from your app's target to access the archive location
4. Add Scanning Script
Add the following script, replacing `gs_appsweep_dummy_notarealkey` with your API key:
cd "$SRCROOT"
BUILD_URL=$(APPSWEEP_API_KEY="gs_appsweep_dummy_notarealkey" guardsquare scan "$ARCHIVE_PATH" --format "{{.URL}}")
if [ $? -ne 0 ] || [ -z "$BUILD_URL" ]; then
osascript -e 'display dialog "Failed to start AppSweep scan" with title "Upload to AppSweep" with icon caution'
exit 1
fi
osascript -e 'set theAlertText to "Upload to AppSweep"' \
-e "set theAlertMessage to \"Successfully uploaded to $BUILD_URL\"" \
-e 'display dialog theAlertMessage with title "Upload to AppSweep" buttons {"Cancel", "View online"} default button "View online" cancel button "Cancel"' \
-e "if the button returned of the result is \"View online\" then open location \"$BUILD_URL\""
```
This script uploads your app to AppSweep, performs the scan, and launches a pop-up dialog that takes you directly to the scan’s page.
4. Test the integration
Build an xcarchive and you'll see this confirmation dialog:
The dialog provides options to view the results directly in AppSweep's web interface.