Skip to main content
All CollectionsIntegrations & Automation
Integrating AppSweep with Xcode Cloud
Integrating AppSweep with Xcode Cloud
Updated this week

Xcode Cloud is Apple's native CI solution that integrates directly with Xcode.

This guide explains how to incorporate AppSweep scanning into your Xcode Cloud workflow.

Xcode Cloud Build Scripts

Xcode Cloud uses scripts in the ci_scripts directory at three stages:

  • ci_post_clone.sh: Executes after cloning the git repository, making it suitable for initial setup tasks like installing tools or modifying files.

  • ci_pre_xcodebuild.sh: Runs before the xcodebuild command, useful for compiling extra dependencies.

  • ci_post_xcodebuild.sh: Activates post-build, allowing your script to perform extra tasks with the final app bundle built in this CI run.

AppSweep Integration

Create ci_scripts/ci_post_xcodebuild.sh with the following content:

#!/bin/sh

set -eo pipefail

# Skip if build failed
if [ "${CI_XCODEBUILD_EXIT_CODE}" -ne 0 ]; then
    echo "xcodebuild didn't finish successfully, skipping AppSweep upload"
    exit 0
fi

# Install CLI
echo "Installing Guardsquare CLI"
curl -sS https://platform.guardsquare.com/cli/install.sh | sh -s -- -y

# Upload and scan
echo "Uploading to AppSweep"
AS_ID=$(guardsquare scan ${CI_ARCHIVE_PATH} --format {{.ID}})
AS_URL="https://appsweep.guardsquare.com/builds/${AS_ID}"

# Wait for results
echo "Created AppSweep scan at ${AS_URL}. Waiting for results..."
guardsquare scan summary --wait-for=static ${AS_ID} --format json > as-result.json
AS_HIGH_FINDINGS=$(jq ".high" as-result.json)

# Handle results
if [ "${AS_HIGH_FINDINGS}" -eq 0 ]; then
    echo "No high severity findings detected" && exit 0
elif [ "${AS_HIGH_FINDINGS}" -eq 1 ]; then
    echo "One high severity finding detected!"
else
    echo "${AS_HIGH_FINDINGS} high severity findings detected!"
fi

exit 1

This script will:

  • Install CLI,

  • upload your app to AppSweep,

  • scan your app, and

  • save the result into a file named as-result.json

Usage

  1. Add the script to your repository, Xcode Cloud will automatically detect and run it.

  2. The result will be visible in Xcode's build log.

  3. Fix all security issues and build the project to trigger a new scan.

The script will fail the build if high severity issues are found and provide a URL to view detailed findings in AppSweep.

Related Articles
Integrating AppSweep with XCode
Integrating AppSweep with iOS Fastlane
Using the Guardsquare CLI
Integrating Interactive Analysis with existing UI tests
AppSweep Overview
Did this answer your question?