The analysis of the application for potential security issues can be automated by triggering the analysis from within the Continuous Integration (CI) pipeline with Jenkins.
This guide explains how to integrate AppSweep with Jenkins.
Prerequisites
Make sure you have set up the AppSweep Gradle plugin and created an API key for your application.
Note: The AppSweep Gradle plugin is only compatible with Gradle versions below 8.7.
Jenkinsfile configuration
Set up the proper environment (e.g. Android, Gradle, etc.) in your Jenkins pipeline.
Store the AppSweep API key as a Jenkins credential. The Gradle plugin will use the APPSWEEP_API_KEY environment variable as the API key to associate the build with your AppSweep project.
Add the following stage to your Jenkinsfile:
stages {
    stage('Upload To AppSweep') {
        steps {
            dir(PROJECT_DIR) {
                // Bind the Jenkins secret-text credential to a pipeline variable
                withCredentials([string(credentialsId: 'appsweep-api-key',
                                        variable: 'appsweep_key')]) {
                    // Expose it under the name the Gradle plugin reads
                    withEnv(["APPSWEEP_API_KEY=$appsweep_key"]) {
                        sh(script: "./gradlew uploadToAppSweepDebug",
                           returnStdout: true)
                    }
                }
            }
        }
    }
}
Note: for release builds change the command to ./gradlew uploadToAppSweepRelease.
After configuring the pipeline steps, your pipeline automatically uploads your mobile application to AppSweep whenever it runs, e.g. for each commit, release, nightly test, etc.
In the AppSweep UI you will see all scans, chronologically ordered.
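A pre-flight check for the upload stage above, as an added example that is not part of the AppSweep documentation: it fails the build early when APPSWEEP_API_KEY is missing or when the Gradle wrapper is version 8.7 or newer, and it never prints the key. The function names are hypothetical; the default path is the standard Gradle wrapper properties location.

```shell
#!/bin/sh
# Pre-flight checks for the AppSweep upload stage (added example).
# Function names are hypothetical and not part of AppSweep or Jenkins.

# Print the Gradle version named in a wrapper properties file, e.g. "8.5".
# Returns 1 if the file is missing or no version can be parsed.
wrapper_gradle_version() {
    props="$1"
    [ -f "$props" ] || return 1
    ver=$(sed -n 's/^distributionUrl=.*gradle-\([0-9][0-9.]*[0-9]\)-.*$/\1/p' \
        "$props" | head -n 1)
    [ -n "$ver" ] || return 1
    printf '%s\n' "$ver"
}

# Return 0 when version $1 is strictly below MAJOR ($2) . MINOR ($3).
version_below() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -lt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -lt "$3" ]; }
}

# Check both prerequisites. Exit codes: 2 = no API key,
# 3 = version unreadable, 4 = Gradle too new for the plugin.
appsweep_preflight() {
    props="${1:-gradle/wrapper/gradle-wrapper.properties}"
    if [ -z "${APPSWEEP_API_KEY:-}" ]; then
        echo "APPSWEEP_API_KEY is not set; check the credential binding" >&2
        return 2
    fi
    ver=$(wrapper_gradle_version "$props") || {
        echo "cannot read the Gradle version from $props" >&2
        return 3
    }
    if ! version_below "$ver" 8 7; then
        echo "Gradle $ver is not supported by the AppSweep plugin (needs < 8.7)" >&2
        return 4
    fi
    # Report presence only; the key value is never echoed.
    echo "pre-flight ok: Gradle $ver, API key present"
}
```

Source the file in the sh step and call appsweep_preflight before ./gradlew uploadToAppSweepDebug so a misconfigured job stops before the upload is attempted.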