
The following steps allow organizations to automatically scan pre-production releases of their mobile apps using existing developer tools and processes. DevOps can fully automate the SDLC by integrating our API into existing CI/CD tools such as Travis CI, Jenkins, Bitrise, fastlane, Xcode Server, etc.

Quickstart guide

The Upload API can be used to upload PreProd mobile binaries directly to Data Theorem for scanning. The full documentation is available at: https://datatheorem.github.io/PortalApi/upload_api.html.

Step 1: retrieving the Upload API key

First, you will need to retrieve your organization's Upload API key from the portal, at https://www.securetheorem.com/sdlc/api_access within the “API Key” section:

Step 2: configuring an upload step in CI/CD

Most CI/CD systems (Travis CI, Bitrise, CircleCI, etc.) allow running a bash script as a step within the CI pipeline. A new step should be added at the end of your existing mobile pipeline to upload the signed application binary (APK or IPA) to Data Theorem.

This new upload step requires:

  • The Upload API key retrieved in step 1 to be available in the CI system via the DT_UPLOAD_API_KEY environment variable.
  • The path to the compiled and signed mobile binary to be available in the CI system via the SIGNED_BINARY_PATH environment variable.

The following bash script can then be used as the upload step:

#!/usr/bin/env bash
# Fail if any command fails (-e) and trace each command to the CI log (-x).
# Note that -x prints the expanded Authorization header, so make sure your CI
# masks the DT_UPLOAD_API_KEY secret in build logs, or drop -x.
set -ex

# Both variables must be provided by the CI system (see above); jq is also required.
: "${DT_UPLOAD_API_KEY:?DT_UPLOAD_API_KEY is not set}"
: "${SIGNED_BINARY_PATH:?SIGNED_BINARY_PATH is not set}"

maxRetries=3
for (( retry = 0; retry < maxRetries; retry++ ))
do
  # Step 1: get the upload URL. -w appends the HTTP status code to the body.
  # A network-level curl failure must not abort the script under set -e,
  # so it is caught with || and the attempt is retried.
  echo "Get upload url"
  step1_response=$(curl -s -w "%{http_code}" -X POST \
    -H "Authorization: APIKey ${DT_UPLOAD_API_KEY}" --data "" \
    https://api.securetheorem.com/uploadapi/v1/upload_init) || continue
  http_code=${step1_response: -3}      # last three characters: the status code
  response_body=${step1_response::-3}  # everything before them: the JSON body

  # Check that the HTTP status code is 200
  if [ "${http_code}" -ne 200 ]; then
    echo "${response_body}"
    exit 1
  fi
  upload_url=$(echo "${response_body}" | jq -r ".upload_url")
  echo "${upload_url}"

  # Step 2: upload the APK/IPA. --fail makes curl return non-zero on an HTTP
  # error, so a rejected upload is retried instead of being treated as success.
  echo "Upload app"
  step2_response=$(curl -sS --fail -F "file=@${SIGNED_BINARY_PATH}" "${upload_url}") \
    && echo "${step2_response}" && break
done

if [ "${retry}" -ge "${maxRetries}" ]; then
  echo "Upload failed after ${maxRetries} attempts"
  exit 1
fi


Once the CI/CD uploads are enabled, pre-production scans will be completed automatically. Please note:

  • Scan alerts will still be sent when pre-production scans start and complete
  • Public app store releases will still be scanned as well
  • All results will be published to the portal (where pre-prod apps are labeled as “PreProd”)

Additional Resources

More detailed guides are available for specific CI/CD systems:
