You are viewing an old version of this page (version 4).

  1. First, get your Data Theorem Upload API Key by following step 1 on this page: Pre-Production Scans: Uploads via CI/CD

  2. Add a new step at the end of your existing mobile pipeline that uploads the signed application binary (APK or IPA) to Data Theorem.

This new step requires:

  • The Upload API key retrieved in step 1 to be available in the CI system via the DT_UPLOAD_API_KEY environment variable.

    This API key is sensitive: store it as a pipeline secret rather than in the pipeline file, and see Buildkite’s official documentation on Managing pipeline secrets.

  • The path to the compiled and signed mobile binary to be available in the CI system via the SIGNED_BINARY_PATH environment variable.

Here is a sample Buildkite pipeline that uploads a Mobile App Binary to Data Theorem for scanning after a build step:

env:
  # Placeholder: point this at the signed binary produced by your build step
  SIGNED_BINARY_PATH: "app-debug.apk"
steps:
  - label: "Build Mobile App Binary"
    command: "echo 'Example mobile binary build step...'"
  - label: "Upload Mobile App Binary to Data Theorem for scanning"
    # Runtime shell variables are written as \$VAR so Buildkite does not try to
    # interpolate them when the pipeline is uploaded; the agent's shell expands them.
    command: |
      set -euo pipefail
      echo 'Get upload url'
      step1_response=\$(curl -s -w '%{http_code}' -X POST \
        -H "Authorization: APIKey \$DT_UPLOAD_API_KEY" --data '' \
        https://api.securetheorem.com/uploadapi/v1/upload_init)
      http_code=\${step1_response: -3}       # last three characters: the HTTP status
      response_body=\${step1_response::-3}   # everything before the status code
      if [ "\${http_code}" -ne 200 ]; then
        echo "upload_init failed (HTTP \${http_code}): \${response_body}"
        exit 1
      fi
      upload_url=\$(echo "\${response_body}" | jq -r '.upload_url')
      echo "\$upload_url"

      echo 'Upload app'
      # --fail-with-body needs curl 7.76 or newer; it fails the step on an HTTP error
      # while still printing the server's response
      step2_response=\$(curl --fail-with-body -F "file=@\${SIGNED_BINARY_PATH}" "\${upload_url}")
      echo "\$step2_response"

In the Buildkite UI, it should look like this:

 

After running the step, you should see output like this:
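The same two-step flow (call upload_init, then POST the binary to the returned upload_url) can be kept out of the pipeline file entirely and reused from any CI system. The script below is an added example, not Data Theorem's or Buildkite's own code; it assumes only what the page states (the upload_init endpoint, the "APIKey" authorization scheme, the upload_url field and the file form field). The function names, the .apk/.ipa check and the DT_UPLOAD_API_KEY/SIGNED_BINARY_PATH handling are this example's own. It differs from the pipeline snippet in one security-relevant detail: the Authorization header is handed to curl through a config file on stdin (-K -) instead of -H, so the API key never appears on a command line where other processes on the agent could read it from the process list.

```shell
#!/bin/sh
# dt_upload.sh: upload a signed mobile binary to Data Theorem for a pre-production scan.
# Requires: curl >= 7.76 (for --fail-with-body), jq, and DT_UPLOAD_API_KEY in the environment.
set -eu

DT_INIT_URL="https://api.securetheorem.com/uploadapi/v1/upload_init"

# Split a curl response produced with -w '%{http_code}': the last three
# characters are the HTTP status, everything before them is the body.
dt_http_body() { printf '%s' "${1%???}"; }
dt_http_code() { _body=${1%???}; printf '%s' "${1#"$_body"}"; }

# Refuse anything that is not an existing .apk or .ipa file.
dt_check_binary() {
  if [ ! -f "$1" ]; then
    echo "binary not found: $1" >&2
    return 1
  fi
  case $1 in
    *.apk|*.ipa) ;;
    *) echo "expected an .apk or .ipa file: $1" >&2; return 1 ;;
  esac
}

# Step 1: request an upload URL. The API key is passed as a curl config line on
# stdin rather than with -H, so it is not visible in `ps` output on the agent.
dt_upload_init() {
  printf 'header = "Authorization: APIKey %s"\n' "$DT_UPLOAD_API_KEY" |
    curl -sS -K - -X POST --data '' -w '%{http_code}' "$DT_INIT_URL"
}

# Full flow: validate inputs, get the upload URL, then POST the binary to it.
dt_upload_binary() {
  binary=$1
  if [ -z "${DT_UPLOAD_API_KEY:-}" ]; then
    echo "DT_UPLOAD_API_KEY is not set" >&2
    return 1
  fi
  dt_check_binary "$binary"

  resp=$(dt_upload_init)
  code=$(dt_http_code "$resp")
  body=$(dt_http_body "$resp")
  if [ "$code" != 200 ]; then
    printf 'upload_init failed (HTTP %s): %s\n' "$code" "$body" >&2
    return 1
  fi
  # jq -e makes a missing or null upload_url a hard failure instead of "null"
  upload_url=$(printf '%s' "$body" | jq -er '.upload_url')

  # Step 2: multipart upload of the binary to the URL returned by upload_init
  curl -sS --fail-with-body -F "file=@$binary" "$upload_url"
  echo
}

# Usage: DT_UPLOAD_API_KEY=... ./dt_upload.sh "$SIGNED_BINARY_PATH"
if [ -n "${1:-}" ]; then
  dt_upload_binary "$1"
fi
```

In Buildkite this replaces the inline command with `command: "./dt_upload.sh \"$SIGNED_BINARY_PATH\""` (escape the variable for upload-time interpolation as in the pipeline above), which also keeps the shell quoting out of the YAML. The script stays POSIX sh so it runs unchanged on agents where bash is not the default shell.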

Once the CI/CD uploads are enabled, pre-production scans will be completed automatically. Please note:

  • Scan alerts will still be sent when pre-production scans start and complete

  • Public app store releases will still be scanned as well

  • All results will be published to the portal (where pre-prod apps are labeled as “PreProd”)

Optional inputs:

Some additional inputs can be added along with the binary upload, such as credentials for dynamic scanning.
See documentation at: Pre-Production Scans: Uploads via CI/CD
