Integrating AppSweep, Guardsquare’s mobile application security testing tool, with GitHub, allows developers to automatically analyze their mobile app for potential security issues.
By automating your mobile testing process, security testing is automatically triggered from within your Continuous Integration pipeline, and your team can quickly see links to your scan results directly attached to a pull request.
This ensures you have instant, actionable feedback to improve the security posture of your mobile application.
How to set up the AppSweep GitHub Integration
In order to integrate with GitHub three things need to be set up:
- The AppSweep Gradle plugin needs to be used to build your app. This ensures apps are automatically uploaded for scanning.
- The AppSweep GitHub App needs to be installed on your GitHub account, which enables automated triggering of the app scan.
- The AppSweep App will need GitHub repository access enabled for AppSweep to post the results summary back.
Our AppSweep plugin is published in the Gradle Public Repository, and can be easily added to your Android project by adding the following to
Next, you need to configure the plugin by providing an API key for your project. You can create an API key in the API Keys section of your project settings on the AppSweep website.
The key can be easily tested locally with:
APPSWEEP_API_KEY=gs_appsweep_SOME_API_KEY ./gradlew uploadToAppSweepDebug
This schedules the app scan and shows the URL where to look for the results.
AppSweep uses commit hashes in order to associate pull requests on GitHub to app scans. By using our AppSweep Gradle plugin, the commit hashes are automatically attached to the scan.
To learn how to:
- Automate the scanning process with a GitHub action workflow
- Install the AppSweep App on your GitHub account
- View AppSweep scan results in GitHub
Check out our full blog Integrating AppSweep and GitHub to Automate Your Mobile App Security Testing.