Data Theorem's Mobile Secure will scan each pre-production release automatically (up to 7000 releases/day) for security & privacy issues using static, dynamic, and behavioral analysis for both iOS and Android applications.
More information can be found here:
https://www.datatheorem.com/products/mobile-secure
Enabling this integration requires a valid Data Theorem API key.
To find your Data Theorem API key, connect to https://www.securetheorem.com/mobile/sdlc/api_access using your Data Theorem account.
Create an encrypted variable named DT_UPLOAD_API_KEY in your GitHub repository.
For more information, see GitHub Encrypted secrets.
Configure the Action by indicating the path to the file that will be uploaded in the UPLOAD_BINARY_PATH input.
You can use a glob pattern to indicate variable parts of the build's file name (for example, if the app's version number or build date is in the file name).
Examples of glob patterns:
app-*.apk : search for any apk starting with app- in workspace root directory
**/app-*.ipa : search for any ipa starting with app- in any subdirectory of the workspace
{,**/}app-debug*.* : search for any file containing app-debug in the root directory or in any subdirectory of the workspace.
If multiple files match the provided pattern, all matching files will be uploaded. However, to prevent accidentally uploading content of a large directory there is a limit of 3 matching files. If more than 3 files match the pattern, the upload will fail with a corresponding error message.
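A pre-flight check for the glob behaviour described above, as an added example that is not the Action's own code: it approximates the glob syntax with a regular expression, enforces the 3-file limit, and adds an assumed extension allowlist so a loose pattern cannot send non-app files off the runner. The names `globToRegExp`, `selectUploads` and `WORKSPACE`, the allowlist, and the sample paths are hypothetical and constructed for illustration.

```javascript
// Added example: pre-flight check for an UPLOAD_BINARY_PATH glob.
// Simplified glob semantics (assumption): `*`, `?`, `**/` and `{a,b}` only.
const MAX_MATCHES = 3; // limit stated in the README

function globToRegExp(glob) {
  let re = '';
  let depth = 0; // current brace nesting
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (glob.startsWith('**/', i)) { re += '(?:[^/]+/)*'; i += 2; } // zero or more directories
    else if (c === '*') re += '[^/]*'; // stays within one path segment
    else if (c === '?') re += '[^/]';
    else if (c === '{') { re += '(?:'; depth++; }
    else if (c === '}' && depth > 0) { re += ')'; depth--; }
    else if (c === ',' && depth > 0) re += '|';
    else re += c.replace(/[.+^$()|[\]\\{}]/g, '\\$&'); // literal character
  }
  if (depth !== 0) throw new Error(`unbalanced braces in pattern: ${glob}`);
  return new RegExp(`^${re}$`);
}

// Returns the sorted list of files to upload, or throws with the reason.
function selectUploads(pattern, workspacePaths, allowedExt = ['.apk', '.ipa']) {
  const strip = (p) => p.replace(/^\.\//, '');
  const re = globToRegExp(strip(pattern));
  const matches = workspacePaths.map(strip).filter((p) => re.test(p)).sort();
  if (matches.length === 0) throw new Error(`no file matches ${pattern}`);
  if (matches.length > MAX_MATCHES) {
    throw new Error(`${matches.length} files match ${pattern}; limit is ${MAX_MATCHES}`);
  }
  // Extra guard (assumption, not part of the Action): only app binaries are uploaded.
  const unexpected = matches.filter((p) => !allowedExt.some((e) => p.toLowerCase().endsWith(e)));
  if (unexpected.length > 0) throw new Error(`non-app files matched: ${unexpected.join(', ')}`);
  return matches;
}

// Constructed workspace listing (relative paths, as `find . -type f` would print).
const WORKSPACE = [
  'app/build/outputs/apk/debug/app-debug.apk',
  'app/build/outputs/apk/debug/app-debug.apk.idsig',
  'app/build/outputs/apk/release/app-release.apk',
  'app-notes.txt',
  'ios/build/app-1.4.2.ipa',
];

for (const pattern of ['**/app-*.ipa', '{,**/}app-debug*.*', '**/*']) {
  try { console.log(pattern, '->', selectUploads(pattern, WORKSPACE)); }
  catch (err) { console.log(pattern, '-> rejected:', err.message); }
}
```

The `{,**/}app-debug*.*` pattern from the list above is rejected here because it also matches the constructed `.idsig` signature file next to the APK; narrowing the pattern to `**/app-debug*.apk` avoids that.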
You can optionally provide a username and password to be used with dynamic (DAST) testing. Optional parameters (including username and password) are described in more detail in the API documentation. We strongly recommend using GitHub Encrypted secrets to protect the dynamic testing credentials.
At this time, comments, release id, external id, and platform variant parameters are supported, in addition to username/password. When optional parameters are specified, they override previously provided values. If optional parameters are omitted, previously provided values are used for username/password, and other parameters are set to blank/unused. For example, a build for which comments are not provided will show no comments.
If multiple files match the provided pattern, the same set of optional values will be sent with each file.
name: Build and upload to Data Theorem
on:
  push:
    branches: [ main ]
jobs:
  apk:
    name: Generate & Upload APK
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v2
      - name: set up JDK 1.8
        uses: actions/setup-java@v1
        with:
          java-version: 1.8
      - name: Build debug APK
        run: bash ./gradlew assembleDebug
      - name: Upload to Data Theorem
        uses: datatheorem/datatheorem-mobile-secure-action@v2.1.0
        with:
          UPLOAD_BINARY_PATH: "./app/build/outputs/apk/debug/app-debug.apk"
          # API key and DAST password come from encrypted secrets, never from the workflow file
          DT_UPLOAD_API_KEY: ${{ secrets.DT_UPLOAD_API_KEY }}
          USERNAME: "test_user"
          PASSWORD: ${{ secrets.DT_DAST_PASSWORD }}
          COMMENTS: "This is a pre-production build."
          # The run number is exposed through the github context; the vars context holds only user-defined variables
          RELEASE_ID: ${{ github.run_number }}
          EXTERNAL_ID: "App_12230045"