Pre-Production Scans: Uploads via CircleCI

Quickstart guide

This article describes how to configure a CircleCI CI/CD workflow to automatically upload mobile app binaries to Data Theorem for scanning.

To automatically upload a mobile binary from CircleCI, a new step should be added at the end of your existing CircleCI workflow to upload the signed application binary (APK or IPA) to Data Theorem.

Step 1: Retrieving the Upload API key

Follow the instructions in step 1 of the Pre-Production Scans: Uploads via CI/CD article.

Step 2: Adding the Upload API key as an environment variable

Add the Upload API key retrieved in step 1 as an environment variable called DT_UPLOAD_API_KEY in your existing CircleCI project. Open Project Settings, click on Environment Variables, then click on Add Environment Variable:

Environment Variable Setup

Step 3: Creating a new Run step to upload builds

Edit the project's configuration file (.circleci/config.yml) to add a new "Run" step at any point after a signed IPA or APK has been generated. Editing can be done directly from the CircleCI interface (as shown below) or in your favorite editor along with the project's source code.

Insert the following code, replacing <path-to-signed-binary> with the path to the actual .ipa or .apk file relative to the project's root, e.g., app/build/outputs/apk/release/app-release-signed.apk.


      - run:
          name: Submit APK to Data Theorem
          command: |
            # Step 1: request a one-time upload URL from Data Theorem, authenticating
            # with the DT_UPLOAD_API_KEY environment variable configured in Step 2
            step1_response=$(curl -X POST -H "Authorization: APIKey ${DT_UPLOAD_API_KEY}" --data "" https://api.securetheorem.com/uploadapi/v1/upload_init)
            # Extract the upload_url value from the JSON response
            upload_url=$(echo ${step1_response} | cut -f 3 -d" " | tr -d '"')
            # Step 2: upload the signed binary to that URL, retrying up to 3 times on failure
            step2_response=$(curl -F file=@<path-to-signed-binary> ${upload_url} --retry 3)


Save the configuration file and the integration should be ready. You can check the configuration by clicking the Save and Run button in the upper right-hand corner (if editing in the CircleCI UI) or by checking the changes in and creating a pull request.
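As an added example (not Data Theorem's or CircleCI's own code), the two-step upload above can be wrapped in a small POSIX shell script that fails the CI step early and loudly: it checks that the API key variable and the signed binary are present before any network call, extracts upload_url from the upload_init response without depending on the exact whitespace of the JSON, and makes curl return a non-zero status on HTTP errors so a failed upload fails the build instead of silently passing. The function and variable names, the "upload_url" field name (taken from the page's cut pipeline) and the sample responses are assumptions for this example; the endpoint and header format are those shown on the page.

```shell
#!/bin/sh
# Added example: hardened Data Theorem upload for a CircleCI "run" step.
# Assumes DT_UPLOAD_API_KEY is set in the CircleCI project environment variables.

# Pull the upload_url string out of the upload_init JSON response.
# Assumption: the body is a JSON object with an "upload_url" string member;
# the pattern tolerates any amount of whitespace around the colon.
extract_upload_url() {
    printf '%s' "$1" | sed -n 's/.*"upload_url"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Pre-flight checks, run before any network call so misconfiguration fails fast.
preflight() {
    binary="$1"
    if [ -z "${DT_UPLOAD_API_KEY:-}" ]; then
        echo "DT_UPLOAD_API_KEY is not set in the CircleCI environment" >&2
        return 1
    fi
    if [ ! -f "$binary" ]; then
        echo "signed binary not found: $binary" >&2
        return 1
    fi
    case "$binary" in
        *.apk|*.ipa) ;;
        *) echo "expected an .apk or .ipa file, got: $binary" >&2; return 1 ;;
    esac
    return 0
}

# Full upload: init, extract the one-time URL, then POST the binary.
# curl -f makes HTTP 4xx/5xx responses return a non-zero status, -sS keeps
# output quiet but still prints errors, --retry 3 retries transient failures.
upload_binary() {
    binary="$1"
    preflight "$binary" || return 1
    step1_response=$(curl -sS -f -X POST \
        -H "Authorization: APIKey ${DT_UPLOAD_API_KEY}" \
        --data "" https://api.securetheorem.com/uploadapi/v1/upload_init) || return 1
    upload_url=$(extract_upload_url "$step1_response")
    if [ -z "$upload_url" ]; then
        echo "upload_init response did not contain an upload_url" >&2
        return 1
    fi
    curl -sS -f --retry 3 -F "file=@${binary}" "$upload_url"
}

# Usage inside the CircleCI step (path is an example, adjust to your build output):
#   upload_binary app/build/outputs/apk/release/app-release-signed.apk
```

Because every failure path returns a non-zero status, the CircleCI step is marked failed when the key is missing, the binary path is wrong, or either HTTP call is rejected, which is the behaviour you want from a gate that is supposed to guarantee every release candidate gets scanned.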

Once the CI/CD uploads are enabled, pre-production scans will be completed automatically. Please note:

  • Scan alerts will still be sent when pre-production scans start and complete
  • Public app store releases will still be scanned as well
  • All results will be published to the portal (where pre-prod apps are labeled as “PreProd”)