
Quickstart guide

This article describes how to configure a Bitrise CI/CD workflow to automatically upload mobile app binaries to Data Theorem for scanning. 

To automatically upload a mobile binary from Bitrise, a new step should be added at the end of your existing Bitrise workflow to upload the signed application binary (APK or IPA) to Data Theorem.

Step 1: retrieving the Upload API key

Follow the instructions in step 1 of the Pre-Production Scans: Uploads via CI/CD article.

Step 2: adding the Upload API key as an environment variable

Add your Upload API key retrieved in step 1 as a secret environment variable called DT_UPLOAD_API_KEY in your existing Bitrise workflow:

Step 3: creating a new Workflow step to upload builds

Add a new "Script" step at any point in your workflow after a signed IPA or APK has been generated:

In the new "Script" step, insert the following code as the Script's content. This script assumes that the path to the signed APK will be available in the BITRISE_SIGNED_APK_PATH environment variable (the default name used by the Bitrise "Sign APK" step). You might need to update the name as needed.

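#!/usr/bin/env bash
# Fail if any command fails
set -e

# Step 1: get the upload URL
# --fail makes curl exit non-zero on an HTTP error, so set -e stops the step
step1_response=$(curl --fail -X POST -H "Authorization: APIKey ${DT_UPLOAD_API_KEY}" --data "" https://api.securetheorem.com/uploadapi/v1/upload_init)
# The unquoted expansion collapses whitespace in the response before cut takes the third field
upload_url=$(echo ${step1_response} | cut -f 3 -d" " | tr -d '"')

# Step 2: upload the APK (path and URL are quoted so spaces do not split the arguments)
step2_response=$(curl --fail --retry 3 -F "file=@${BITRISE_SIGNED_APK_PATH}" "${upload_url}")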
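
The checks below are an added example, not part of the original article or Data Theorem's own script: shell functions that can be placed ahead of the two curl calls so the step stops before sending anything if the API key is missing, the binary path is wrong, or the value parsed into upload_url is not an https URL. The function names and the BITRISE_IPA_PATH variable are assumptions; use the variable your signing or archive step actually exports.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the upload Script step.
# Function names and BITRISE_IPA_PATH are assumptions, not from the article.

# Confirm the secret exists without ever echoing its value.
require_api_key() {
  if [ -z "${DT_UPLOAD_API_KEY:-}" ]; then
    echo "DT_UPLOAD_API_KEY is not set" >&2
    return 1
  fi
}

# Print the binary to upload: the signed APK if set, otherwise the IPA.
select_binary() {
  local path="${BITRISE_SIGNED_APK_PATH:-${BITRISE_IPA_PATH:-}}"
  if [ -z "${path}" ]; then
    echo "no signed binary path is set" >&2
    return 1
  fi
  if [ ! -s "${path}" ]; then
    echo "binary is missing or empty: ${path}" >&2
    return 1
  fi
  case "${path}" in
    *.apk | *.ipa) printf '%s\n' "${path}" ;;
    *) echo "not an APK or IPA: ${path}" >&2; return 1 ;;
  esac
}

# Print the URL only if it is one https:// token. An error body or a changed
# response layout would otherwise leave arbitrary text in upload_url.
validate_upload_url() {
  local url="$1"
  case "${url}" in
    *[[:space:]]*) echo "upload URL contains whitespace" >&2; return 1 ;;
    https://?*) printf '%s\n' "${url}" ;;
    *) echo "upload URL is not an https URL" >&2; return 1 ;;
  esac
}

# In the Script step, after `set -e`:
#   require_api_key
#   binary=$(select_binary)
#   ...request upload_url as in the script above...
#   upload_url=$(validate_upload_url "${upload_url}")
```

With `set -e` active, a failed check aborts the step before the signed binary leaves the build machine.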


Save the workflow and the integration should be ready. After configuring it, your workflow should look like this:


Once the CI/CD uploads are enabled, pre-production scans will be completed automatically. Please note:

  • Scan alerts will still be sent when pre-production scans start and complete
  • Public app store releases will still be scanned as well
  • All results will be published to the portal (where pre-prod apps are labeled as “PreProd”)