AppSweep allows developers to analyze their mobile apps for potential security issues. This process can be automated by triggering the analysis from within your Continuous Integration (CI) pipeline with Jenkins.
Doing so enables you to continuously scan your application for security issues, without any manual steps. AppSweep also provides an intuitive UI to drill down into the scan details to quickly navigate to the relevant findings for specific builds.
In order to integrate with Jenkins, the following two things need to be set up:
- The AppSweep Gradle plugin needs to be set up for your app. This ensures apps are automatically uploaded for scanning.
- An AppSweep API Key needs to be set up for your project.
This tutorial will show you how to implement this logic in your Jenkins pipeline and how you can view the results.
Our Gradle plugin is published in the Gradle Public Repository, and can thus be easily added to your Android project by adding the following to your app/build.gradle:
Note: the dynamic version latest.release requires at least Gradle 7. If you want to build with an older Gradle version, you need to specify a version number. The latest version number can be found in the Gradle Plugins Portal.
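As an added example (not taken from the AppSweep article), the declarative Jenkinsfile below covers both prerequisites: it runs the plugin's upload task and supplies the API key from the Jenkins credentials store instead of committing it to the repository. The credential ID `appsweep-api-key` is hypothetical, and the environment variable name `APPSWEEP_API_KEY` and task name `uploadToAppSweepRelease` are assumptions about the plugin that should be checked against its documentation.

```groovy
// Jenkinsfile (declarative pipeline): added example, not the project's own code.
// Assumptions: a "Secret text" credential stored in Jenkins under the
// hypothetical ID 'appsweep-api-key'; the AppSweep Gradle plugin reading the
// key from APPSWEEP_API_KEY; an upload task named uploadToAppSweepRelease.
pipeline {
    agent any

    options {
        // Fail the build if a step hangs rather than blocking the agent.
        timeout(time: 30, unit: 'MINUTES')
    }

    stages {
        stage('Build') {
            steps {
                // The build stage has no access to the API key.
                sh './gradlew --no-daemon assembleRelease'
            }
        }

        stage('AppSweep scan') {
            environment {
                // credentials() binds the secret for this stage only and
                // masks its value in the console log.
                APPSWEEP_API_KEY = credentials('appsweep-api-key')
            }
            steps {
                // Single-quoted so Groovy does not interpolate the secret
                // into the command string; the shell reads it from the
                // environment. Do not echo or print the variable.
                sh './gradlew --no-daemon uploadToAppSweepRelease'
            }
        }
    }
}
```

Scoping the credential to the scan stage keeps the key away from other build steps and third-party Gradle tasks that do not need it.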
To learn how to:
- Configure the AppSweep Gradle plugin
- Automate the scanning process with a Jenkinsfile
- View the scan results
check out our full article, Integrating AppSweep with Jenkins For Automated App Security Scanning.