Quickstart guide
This article describes how to configure a CircleCI CI/CD workflow to automatically upload mobile app binaries to Data Theorem for scanning.
To automatically upload a mobile binary from CircleCI, a new step should be added at the end of your existing CircleCI workflow to upload the signed application binary (APK or IPA) to Data Theorem.
Step 1: Retrieving the Upload API key
Follow the instructions in step 1 of the Pre-Production Scans: Uploads via CI/CD article.
Step 2: Adding the Upload API key as an environment variable
Add your Upload API key retrieved in step 1 as an environment variable called DT_UPLOAD_API_KEY in your existing CircleCI workflow. Open Project Settings, click on Environment Variables, then Add Environment Variable.
Step 3: Creating a new Run step to upload builds
Edit the project's configuration file (.circleci/config.yml) to add a new "Run" step at any point after a signed IPA or APK has been generated.
Insert the following code, replacing <path-to-signed-binary> with the path to the actual .ipa or .apk file relative to the project's root, e.g., app/build/outputs/apk/release/app-release-signed.apk.
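    - run:
        name: Submit APK to Data Theorem
        command: |
          # Step 1: request an upload URL, authenticating with the Upload API key
          step1_response=$(curl -X POST -H "Authorization: APIKey ${DT_UPLOAD_API_KEY}" --data "" https://api.securetheorem.com/uploadapi/v1/upload_init)
          # Take the third space-separated field of the response (the URL) and strip its quotes
          upload_url=$(echo ${step1_response} | cut -f 3 -d" " | tr -d '"')
          # Step 2: upload the binary; the @ prefix makes curl send the file's contents
          step2_response=$(curl -F file=@<path-to-signed-binary> ${upload_url} --retry 3)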
Save the configuration file and the integration should be ready. You can check the configuration by clicking the Save and Run button in the upper right-hand corner.
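curl exits 0 on an HTTP error response unless --fail is given, so the two calls in the step above do not report a rejected API key or a refused upload. A stricter version of the same two calls follows, as an added example that is not Data Theorem's own script. It assumes the upload_init response carries the upload URL as a quoted https:// string, and DT_BINARY_PATH is a hypothetical variable holding the path to the signed binary.

```shell
#!/usr/bin/env bash
# Added example, not Data Theorem's own script.
# Assumption: the upload_init response contains the upload URL as a quoted
# https:// string. DT_BINARY_PATH is a hypothetical variable naming the binary.

# Print the upload URL found in an upload_init response body.
# Fails if the body holds no quoted https:// URL (for example an error body).
extract_upload_url() {
  local url
  url=$(printf '%s' "$1" | grep -o '"https://[^"[:space:]]*"' | head -n 1 | tr -d '"')
  case "$url" in
    https://?*) printf '%s\n' "$url" ;;
    *) echo "upload_init returned no https upload URL" >&2; return 1 ;;
  esac
}

# Request an upload URL, then send the binary. Any failure returns non-zero.
submit_build() {
  local binary="$1" response url
  [ -f "$binary" ] || { echo "binary not found: $binary" >&2; return 1; }
  [ -n "${DT_UPLOAD_API_KEY:-}" ] || { echo "DT_UPLOAD_API_KEY is unset" >&2; return 1; }
  # --fail makes curl exit non-zero on HTTP 4xx/5xx; -sS hides the progress
  # meter but still prints errors.
  response=$(curl -sS --fail -X POST \
    -H "Authorization: APIKey ${DT_UPLOAD_API_KEY}" --data "" \
    https://api.securetheorem.com/uploadapi/v1/upload_init) || return 1
  url=$(extract_upload_url "$response") || return 1
  # file=@path uploads the file contents; quoting keeps paths with spaces intact.
  curl -sS --fail --retry 3 -F "file=@${binary}" "$url" >/dev/null
}

# Upload only when a path is supplied, so sourcing this file has no side effects.
if [ -n "${DT_BINARY_PATH:-}" ]; then
  submit_build "$DT_BINARY_PATH" || exit 1
fi
```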
Once the CI/CD uploads are enabled, pre-production scans will be completed automatically. Please note:
- Scan alerts will still be sent when pre-production scans start and complete
- Public app store releases will still be scanned as well
- All results will be published to the portal (where pre-prod apps are labeled as “PreProd”)