Skip to content

Guardsquare/appsweep-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

action.yml

action.yml

 
 

main.py

main.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation



AppSweep

GitHub action for AppSweep Mobile Application Security Testing

Usage

This action can be used to automate scanning your Android application using a GitHub action

Example workflow

# This workflow will initiate a Guardsquare AppSweep scan of your APK
name: AppSweep mobile application security testing
on: [push]
jobs:
  appsweep-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          repository: ''

      - uses: guardsquare/appsweep-action@main
        with:
          appsweep_api_key: ${{ secrets.APPSWEEP_API_KEY }}
          input_file: InsecureBankv2.apk
          commit_hash: ${{ github.sha }}

Inputs

Input Description
APPSWEEP_API_KEY Project API key for your AppSweep project, should be stored using Github SECRETS
INPUT_FILE The APK that will be uploaded to AppSweep
MAPPING_FILE (optional) An optional obfuscation mapping file for the build
LIBRARY_FILE (optional) An optional library mapping file for the build
COMMIT_HASH (recommended) A recommended parameter to track the commit hash of the build
TAGS (optional) An optional set of tags to append to your build

Examples

Using all the optional inputs

This is how to use the optional input:

# This workflow will initiate a Guardsquare AppSweep scan of your APK
name: AppSweep mobile application security testing
on: [push]
jobs:
  appsweep-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          repository: ''

      - uses: guardsquare/appsweep-action@main
        with:
          appsweep_api_key: ${{ secrets.APPSWEEP_API_KEY }}
          input_file: InsecureBankv2.apk
          mapping_file: mapping.txt
          library_file:
          commit_hash: ${{ github.sha }}
          tags: release

Using AppSweep Gradle Plugin in GitHub actions

In case you use the AppSweep Gradle plugin there is no need to provide TAGS, LIBRARY_FILE, MAPPING_FILE, and COMMIT_HASH as they will be computed automatically. This is how to use the AppSweep Gradle plugin in GitHub actions:

# This workflow will initiate a Guardsquare AppSweep scan of your APK
name: AppSweep mobile application security testing
on: [push]
jobs:
  appsweep-scan:
    runs-on: ubuntu-latest
    steps:
      - name: check out repository code
        uses: actions/checkout@master

      - name: setup java
        uses: actions/setup-java@v3
        with:
          distribution: 'oracle'
          java-version: '17'

      - name: upload with gradle
        env:
          appsweep_api_key: ${{ secrets.APPSWEEP_API_KEY }}
        run: ./gradlew uploadToAppSweepDebug  # You can change the task name in here.

About

GitHub action for AppSweep can be used to continuously integrate app scanning using AppSweep into your Android app build process

Topics

android-development security-tools app-testing

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

17 stars

Watchers

10 watching

Forks

3 forks
Report repository

Releases 6

Improve handling of inputs Latest
Nov 9, 2023
+ 5 releases

Packages

No packages published

Contributors 7

Languages