
AppSweep Mobile Application Security Testing

Scan your app using AppSweep by Guardsquare. Sign up at https://guardsquare.com/appsweep-mobile-application-security-testing
V1.6
Latest

Verified

GitHub has manually verified the creator of the action as an official partner organization. For more info see About badges in GitHub Marketplace.



AppSweep

GitHub action for AppSweep Mobile Application Security Testing

Usage

Use this action to automate AppSweep scans of your Android application from a GitHub Actions workflow.

Example workflow

# This workflow will initiate a Guardsquare AppSweep scan of your APK
name: AppSweep mobile application security testing
on: [push]
jobs:
  appsweep-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          repository: ''

      - uses: guardsquare/appsweep-action@main
        with:
          appsweep_api_key: ${{ secrets.APPSWEEP_API_KEY }}
          input_file: InsecureBankv2.apk
          commit_hash: ${{ github.sha }}

Inputs

| Input | Description |
| --- | --- |
| APPSWEEP_API_KEY | Project API key for your AppSweep project; store it as a GitHub secret |
| INPUT_FILE | The APK that will be uploaded to AppSweep |
| MAPPING_FILE (optional) | An optional obfuscation mapping file for the build |
| LIBRARY_FILE (optional) | An optional library mapping file for the build |
| COMMIT_HASH (recommended) | A recommended parameter to track the commit hash of the build |
| TAGS (optional) | An optional set of tags to append to your build |
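
A pre-flight check for the inputs listed above, as an added example (not part of the AppSweep action or Guardsquare's code): it stops the job early when the API key secret is empty or a file path is wrong, and never echoes the key. The function name `appsweep_preflight`, its return codes and the ZIP-signature test on the APK are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the action's inputs in a `run:` step before the scan.
# Hypothetical usage inside a workflow step:
#   appsweep_preflight "$APPSWEEP_API_KEY" InsecureBankv2.apk mapping.txt

# appsweep_preflight API_KEY INPUT_FILE [MAPPING_FILE]
# Returns 0 when the inputs look usable; otherwise prints a reason to stderr
# and returns a distinct non-zero code (codes are this example's own choice).
appsweep_preflight() {
    api_key=$1
    input_file=$2
    mapping_file=${3:-}

    # A secret that is not defined for the repository expands to an empty
    # string, so the upload would otherwise run without credentials.
    if [ -z "$api_key" ]; then
        echo "APPSWEEP_API_KEY is empty: is the repository secret defined?" >&2
        return 2
    fi

    # INPUT_FILE must exist and be non-empty.
    if [ ! -f "$input_file" ] || [ ! -s "$input_file" ]; then
        echo "INPUT_FILE '$input_file' is missing or empty" >&2
        return 3
    fi

    # An APK is a ZIP archive, so it starts with the bytes 'P' 'K' 0x03 0x04.
    magic=$(od -An -tx1 -N4 "$input_file" | tr -d ' \n')
    if [ "$magic" != "504b0304" ]; then
        echo "INPUT_FILE '$input_file' does not start with a ZIP signature" >&2
        return 4
    fi

    # MAPPING_FILE is optional, but if it is named it must be present.
    if [ -n "$mapping_file" ] && [ ! -s "$mapping_file" ]; then
        echo "MAPPING_FILE '$mapping_file' is missing or empty" >&2
        return 5
    fi

    return 0
}
```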

Examples

Using all the optional inputs

The following workflow sets all of the optional inputs:

# This workflow will initiate a Guardsquare AppSweep scan of your APK
name: AppSweep mobile application security testing
on: [push]
jobs:
  appsweep-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          repository: ''

      - uses: guardsquare/appsweep-action@main
        with:
          appsweep_api_key: ${{ secrets.APPSWEEP_API_KEY }}
          input_file: InsecureBankv2.apk
          mapping_file: mapping.txt
          library_file:
          commit_hash: ${{ github.sha }}
          tags: release

Using AppSweep Gradle Plugin in GitHub actions

If you use the AppSweep Gradle plugin, there is no need to provide TAGS, LIBRARY_FILE, MAPPING_FILE, and COMMIT_HASH, as they are computed automatically. The following workflow uses the AppSweep Gradle plugin in GitHub Actions:

# This workflow will initiate a Guardsquare AppSweep scan of your APK
name: AppSweep mobile application security testing
on: [push]
jobs:
  appsweep-scan:
    runs-on: ubuntu-latest
    steps:
      - name: check out repository code
        uses: actions/checkout@master

      - name: setup java
        uses: actions/setup-java@v3
        with:
          distribution: 'oracle'
          java-version: '17'

      - name: upload with gradle
        env:
          appsweep_api_key: ${{ secrets.APPSWEEP_API_KEY }}
        run: ./gradlew uploadToAppSweepDebug  # You can change the task name here.

AppSweep Mobile Application Security Testing is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
