The Data Theorem Mobile App Security Plugin can be used to upload PreProd mobile binaries directly to Data Theorem for scanning during your CI/CD Jenkins pipeline.
...
Retrieves the mobile app binary generated during the building steps.
Calls the Data Theorem Upload API to upload the mobile app binary directly to Data Theorem for scanning.
Step By Step Guide
Add the plugin to your Jenkins
Update the plugin
| ||||||
Add your Upload API key to the Jenkins global configurationRetrieve your Upload API key from the Data Theorem portal at the link below: https://www.securetheorem.com/mobile/sdlc/api_access On the home page of your Jenkins instance:
You will be provided with the option to create a Secret text credentials:
| ||||||
Add or update a Jenkins job
From the configuration page, you will be required to modify multiple sections:
| ||||||
Get access to your API Key (Credentials Binding)Use the Credential Binding Plugin to bind the API Key added in the previous step to an environment variable which must be named as DATA_THEOREM_UPLOAD_API_KEY. | ||||||
Add your building stepsBuild your sources using the Build section. You will need to generate a valid .apk or .ipa package during this step. | ||||||
Add the Data Theorem plugin to the jobThe Data Theorem plugin can be added from the Add post-build action list Configure the plugin by indicating the file name that will be generated on the Build To Upload field. This allows the plugin to discover and retrieve the package for upload. Examples of glob patterns:
If the file is located at /Users/jenkins/project-workspace/dir1/dir2/app.apk, you should only specify the relative part i.e dir1/dir2/app.apk. This is because the plugin has access to the current Jenkins workspace only. Advanced SectionSimulating Uploads You can simulate what file would be sent without actually uploading it to Data Theorem by checking the Don't Upload Build in the advanced options. Builds should be restricted to those that need analysis by Data Theorem's mobile app security services. The external id field can be set as a custom identifier for this app. Android Mapping Files You can upload a mapping file using the Android Mapping File option to have scan results deobfuscated.
Proxy Configuration If needed, you can configure the plugin to go through your company proxy on the advanced option of Post-Build Actions. You will have to specify the hostname and the port of the targeted proxy. You can also add your authentication credentials and bypass the certificate validation if needed | Advanced section: Proxy Configuration section: | |||||
Start a new build to test the pluginYou can test that the plugin is correctly configured by starting a new build and then access the last build result. If the plugin works you should get the following console output: | ||||||
Using the Data Theorem plugin inside a DSL pipelineAs an alternative since version 1.3.0, the Jenkins plugin is compatible with DSL pipelines. To send builds using DSL pipelines:
After the different builds stages, add a new stage named as Upload Build To Data Theorem. You will be required to set an environment variable with your secret upload api key using the command withCredentials() from the Credentials Binding Plugin
Scripted Pipeline Integration The plugin supports scripted pipeline integration. To use this option, you would need to replace the DSL command with the following command: [$class :'SendBuildToDataTheoremPublisher', buildToUpload: '**/*.apk', mappingFileToUpload: null, dontUpload: false, dataTheoremUploadApiKey: env.DATA_THEOREM_UPLOAD_API_KEY, proxyHostname: '', proxyPort: 0, proxyUsername: '', proxyPassword: '', proxyUnsecuredConnection: false] | Data Theorem DSL Pipeline example stage
| |||||
Send Application Credentials to Data Theorem
| For DSL pipeline you should add the following parameters to
| |||||
...