
Quickstart guide

This article describes how to configure a Bitrise CI/CD workflow to automatically upload mobile app binaries to Data Theorem for scanning.

Step 1: retrieving the Upload API key

Follow the instructions in step 1 of the Pre-Production Scans: Uploads via CI/CD article.

Step 2: configuring an upload step in Bitrise

To automatically upload a mobile binary from Bitrise, a new step should be added at the end of your existing Bitrise workflow to upload the signed application binary (APK or IPA) to Data Theorem.

  1. Add your Upload API key retrieved in step 1 as a secret environment variable called DT_UPLOAD_API_KEY in your existing Bitrise workflow.
  2. Add a new "Script" step at any point in your workflow after a signed IPA or APK has been generated.

  3. In the new "Script" step, insert the following code as the Script's content. This script assumes that the path to the signed APK will be available in the BITRISE_SIGNED_APK_PATH environment variable (the default name used by the Bitrise "Sign APK" step). You might need to update the name as needed.

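    #!/usr/bin/env bash
    # Fail if any command fails
    set -e
    
    # Step 1: get the upload URL
    step1_response=$(curl -X POST -H "Authorization: Bearer ${DT_UPLOAD_API_KEY}" --data "" https://api.securetheorem.com/uploadapi/v1/upload_init)
    # Take the third space-separated field of the response and strip the quotes.
    # ${step1_response} stays unquoted so the response is collapsed onto one line first.
    upload_url=$(echo ${step1_response} | cut -f 3 -d" " | tr -d '"')
    
    # Step 2: upload the APK (quoted so a path containing spaces still works)
    step2_response=$(curl -F "file=@${BITRISE_SIGNED_APK_PATH}" "${upload_url}" --retry 3)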
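
A hardened variant of the script above, added here as an example (not Data Theorem's or Bitrise's own code): it checks the inputs before contacting the API, keeps the API key out of curl's argument list, and accepts the returned upload URL only if it is HTTPS. It assumes the upload_init response is JSON containing exactly one quoted https:// URL; the function names are hypothetical.

```bash
#!/usr/bin/env bash
set -eu

# Endpoint taken from the script on this page.
DT_INIT_URL="https://api.securetheorem.com/uploadapi/v1/upload_init"

# Pre-flight: refuse to run without a key or a readable APK/IPA.
preflight() {
    [ -n "${DT_UPLOAD_API_KEY:-}" ] || { echo "DT_UPLOAD_API_KEY is not set" >&2; return 1; }
    [ -r "$1" ] || { echo "binary not readable: $1" >&2; return 1; }
    case "$1" in
        *.apk|*.ipa) return 0 ;;
        *) echo "expected an .apk or .ipa: $1" >&2; return 1 ;;
    esac
}

# Assumption: the response holds exactly one quoted https:// URL.
# Unlike the cut-based parse, this does not depend on how the JSON is spaced,
# and a plain http:// URL is rejected so the binary never leaves over cleartext.
extract_upload_url() {
    urls=$(printf '%s\n' "$1" | grep -o '"https://[^"[:space:]]*"' | tr -d '"')
    [ -n "$urls" ] || return 1
    [ "$(printf '%s\n' "$urls" | wc -l | tr -d ' ')" -eq 1 ] || return 1
    printf '%s\n' "$urls"
}

dt_upload() {
    preflight "$1" || return 1
    # The header is fed to curl as a config on stdin, so the key is not in argv.
    response=$(printf 'header = "Authorization: Bearer %s"\n' "$DT_UPLOAD_API_KEY" |
        curl --config - --fail --silent --show-error -X POST --data "" "$DT_INIT_URL") || return 1
    upload_url=$(extract_upload_url "$response") || {
        echo "no https upload URL in upload_init response" >&2; return 1; }
    # --fail turns an HTTP error status into a non-zero exit, failing the step.
    curl --fail --silent --show-error --retry 3 -F "file=@$1" "$upload_url" >/dev/null
}

# Upload only when the signing step exported a path; say so when it did not.
if [ -n "${BITRISE_SIGNED_APK_PATH:-}" ]; then
    dt_upload "$BITRISE_SIGNED_APK_PATH"
else
    echo "BITRISE_SIGNED_APK_PATH is not set, nothing uploaded" >&2
fi
```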

Save the workflow and the integration should be ready. After configuring it, your workflow should include the new "Script" step after the step that generates the signed binary.


Once the CI/CD uploads are enabled, pre-production scans will be completed automatically. Please note:

  • Scan alerts will still be sent when pre-production scans start and complete
  • Public app store releases will still be scanned as well
  • All results will be published to the portal (where pre-prod apps are labeled as “PreProd”)