Pre-Production Scans: Uploads via Bitrise

Quickstart guide

This article describes how to configure a Bitrise CI/CD workflow to automatically upload mobile app binaries to Data Theorem for scanning. 

To automatically upload a mobile binary from Bitrise, a new step should be added at the end of your existing Bitrise workflow to upload the signed application binary (APK or IPA) to Data Theorem.

Step 1: retrieving the Upload API key

Follow the instructions in the step 1 of the Pre-Production Scans: Uploads via CI/CD article.

Step 2: adding the Upload API key as an environment variable

Add your Upload API key retrieved in step 1 as a secret environment variable called DT_UPLOAD_API_KEY in your existing Bitrise workflow:

 

Step 3: creating a new Workflow step to upload builds

Add a new step at any point in your workflow after a signed IPA or APK has been generated.

Search for the Data Theorem Mobile Secure step



In the new "Data Theorem Mobile Secure" step, configure the step's inputs:

  • The file path to your generated mobile app binary, for example it can be set to $BITRISE_APK_PATH for Android or $BITRISE_IPA_PATH for iOS

  • Select your DT_UPLOAD_API_KEY secret variable set in step 2



Save the workflow and the integration should be ready. After configuring it, your workflow should like this:





Once the CI/CD uploads are enabled, pre-production scans will be completed automatically. Please note:

  • Scan alerts will still be sent when pre-production scans start and complete

  • Public app store releases will still be scanned as well

  • All results will be published to the portal (where pre-prod apps are labeled as “PreProd”)