This article describes how to configure a Bitrise CI/CD workflow to automatically upload mobile app binaries to Data Theorem for scanning.
To automatically upload a mobile binary from Bitrise, a new step should be added at the end of your existing Bitrise workflow to upload the signed application binary (APK or IPA) to Data Theorem.
1. Follow the instructions in step 1 of the Pre-Production Scans: Uploads via CI/CD article.
2. Add the Upload API key retrieved in step 1 as a secret environment variable called DT_UPLOAD_API_KEY in your existing Bitrise workflow.
3. Add a new step at any point in your workflow after a signed IPA or APK has been generated.
4. Search for the Data Theorem Mobile Secure step.
5. In the new "Data Theorem Mobile Secure" step, configure the step's inputs:
   - The file path to your generated mobile app binary; for example, it can be set to $BITRISE_APK_PATH for Android or $BITRISE_IPA_PATH for iOS.
   - Select your DT_UPLOAD_API_KEY secret variable set in step 2.
6. Save the workflow and the integration should be ready. After configuring it, your workflow should look like this:
Once the CI/CD uploads are enabled, pre-production scans will be completed automatically. Please note:
Scan alerts will still be sent when pre-production scans start and complete
Public app store releases will still be scanned as well
All results will be published to the portal (where pre-prod apps are labeled as “PreProd”)
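The following pre-flight check is an added example, not part of the original article or of Data Theorem's step. It could run in a Bitrise Script step just before the upload step, so the build fails early when the secret or the binary is missing. The function name `dt_preflight` and its exit codes are hypothetical; only DT_UPLOAD_API_KEY, BITRISE_APK_PATH and BITRISE_IPA_PATH come from the article.

```shell
# Added example: pre-flight check to run before the upload step.
# dt_preflight and its return codes are hypothetical names chosen for this sketch.
# It does not verify the code signature; it only catches a missing secret or a
# missing, misnamed or non-archive build output.
dt_preflight() {
    binary="$1"

    # Test only that the secret is set; never echo its value into the build log.
    if [ -z "${DT_UPLOAD_API_KEY:-}" ]; then
        echo "preflight: DT_UPLOAD_API_KEY is not set for this workflow" >&2
        return 2
    fi

    # The path normally comes from $BITRISE_APK_PATH or $BITRISE_IPA_PATH.
    if [ -z "$binary" ] || [ ! -f "$binary" ]; then
        echo "preflight: no binary found at '$binary'" >&2
        return 3
    fi

    case "$binary" in
        *.apk|*.ipa) ;;
        *)
            echo "preflight: '$binary' is not an APK or IPA" >&2
            return 4
            ;;
    esac

    # APK and IPA files are zip archives, so they start with the bytes "PK".
    magic=$(head -c 2 "$binary")
    if [ "$magic" != "PK" ]; then
        echo "preflight: '$binary' is not a zip-based archive" >&2
        return 5
    fi

    return 0
}

# Usage inside a Bitrise Script step (Android shown):
#   dt_preflight "$BITRISE_APK_PATH" || exit 1
```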