{"id":13843733,"url":"https://github.com/Guardsquare/appsweep-gradle","last_synced_at":"2025-07-11T19:33:29.892Z","repository":{"id":37274382,"uuid":"388719549","full_name":"Guardsquare/appsweep-gradle","owner":"Guardsquare","description":"This Gradle plugin can be used to continuously integrate app scanning using AppSweep into your Android app build process","archived":false,"fork":false,"pushed_at":"2024-06-07T10:18:16.000Z","size":178,"stargazers_count":47,"open_issues_count":5,"forks_count":3,"subscribers_count":10,"default_branch":"main","last_synced_at":"2024-11-14T08:05:15.419Z","etag":null,"topics":["android-development","app-testing","security-tools"],"latest_commit_sha":null,"homepage":"http://guardsquare.com/appsweep-mobile-application-security-testing","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Guardsquare.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-07-23T07:44:01.000Z","updated_at":"2024-06-10T12:32:05.000Z","dependencies_parsed_at":"2024-06-07T11:39:25.193Z","dependency_job_id":null,"html_url":"https://github.com/Guardsquare/appsweep-gradle","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Guardsquare%2Fappsweep-gradle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Guardsquare%2Fappsweep-gradle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Guardsquare%2Fappsweep-gradle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Guardsquare%2Fappsweep-gradle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Guardsquare","download_url":"https://codeload.github.com/Guardsquare/appsweep-gradle/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225755125,"owners_count":17519206,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android-development","app-testing","security-tools"],"created_at":"2024-08-04T17:02:25.535Z","updated_at":"2025-07-11T19:33:29.882Z","avatar_url":"https://github.com/Guardsquare.png","language":"Kotlin","funding_links":[],"categories":["Kotlin"],"sub_categories":[],"readme":"\u003cp\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n\u003ch2\u003eThe Gradle plugin is DEPRECATED, and superseded by the Guarsquare CLI.\u003cbr /\u003e\nDetails on how to set up and use the CLI can be found in \n\u003ca href=\"https://help.guardsquare.com/en/collections/294665-integrations-automation\"\u003eour documentation\u003c/a\u003e.\u003c/h2\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n\u003c/p\u003e\n\n\n\u003cp align=\"center\"\u003e\n \u003cbr /\u003e\n \u003cbr /\u003e\n \u003ca href=\"https://guardsquare.com/appsweep-mobile-application-security-testing\"\u003e\n \u003cimg\n src=\"https://appsweep.guardsquare.com/AppSweep-blue.svg\"\n alt=\"AppSweep\" width=\"400\"\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\n\n\u003ch4 align=\"center\"\u003eGradle Plugin for Continuous Integration of AppSweep App Testing.\u003c/h4\u003e\n\n\u003c!-- Badges --\u003e\n\u003cp align=\"center\"\u003e\n \u003c!-- License --\u003e\n \u003ca href=\"LICENSE\"\u003e\n \u003cimg src=\"https://img.shields.io/github/license/guardsquare/appsweep-gradle-plugin\"\u003e\n \u003c/a\u003e\n\n \u003c!-- Version --\u003e\n \u003ca href=\"https://plugins.gradle.org/plugin/com.guardsquare.appsweep\" target=\"_blank\"\u003e\n \u003cimg src=\"https://img.shields.io/gradle-plugin-portal/v/com.guardsquare.appsweep\"\u003e\n \u003c/a\u003e\n\n\n\n \u003c!-- Twitter --\u003e\n \u003ca href=\"https://twitter.com/Guardsquare\" target=\"_blank\"\u003e\n \u003cimg src=\"https://img.shields.io/twitter/follow/guardsquare?style=social\"\u003e\n \u003c/a\u003e\n\n\u003c/p\u003e\n\n\u003cbr /\u003e\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#configuring-the-plugin\"\u003e\u003cb\u003eConfiguring the Plugin\u003c/b\u003e\u003c/a\u003e ā€¢\n \u003ca href=\"#initiate-the-scan\"\u003e\u003cb\u003eInitiate the Scan\u003c/b\u003e\u003c/a\u003e ā€¢\n \u003ca href=\"#further-configuration\"\u003e\u003cb\u003eFurther Configuration\u003c/b\u003e\u003c/a\u003e \n\u003c/p\u003e\n\u003cbr /\u003e\n\n## Configuring the Plugin\n\nThe AppSweep plugin is published in the Gradle Public Repository, and can be easily added to your Android project by adding\n\n```Groovy\nplugins {\n // Keep your other plugins here\n id \"com.guardsquare.appsweep\" version \"latest.release\"\n}\n```\n\nImportant: Appsweep must run after the Android and Dexguard plugins. Please add the Appsweep plugin below Android and Dexguard in the plugins section.\n\n\nNote: the dynamic version `latest.release` requires at least Gradle 7. If you want to build with an older Gradle version, you need to specify a version number.\n\nNext, you need to configure the plugin by providing an API key for your project.\n\n### Creating an API Key\nšŸš€ You can create an API key directly in AppSweep. To do so, you need to visit \n[AppSweep](https://appsweep.guardsquare.com), go to the project you want to create \nthe key for, go to the settings of the project and create the key in the API section.\n\nThis API key can then either be stored in the environment variable `APPSWEEP_API_KEY`, or by adding a \u003ca href=\"#further-configuration\"\u003eappsweep block\u003c/a\u003e to your `app/build.gradle`.\n\n## Initiate the Scan\n\nWhen the Gradle plugin is enabled and configured, some multiple `uploadToAppSweep*` Gradle tasks are registered. \nMore specifically, one task will be registered for each build variant of your app. For example, if you want to upload your release build variant, you can run:\n```bash\ngradle uploadToAppSweepRelease\n```\nin the root folder of your app.\n\nMoreover, if you have obfuscation enabled for a specific build variant, the plugin will pick up the obfuscation mapping file and upload that alongside the app.\n\nTo see all available AppSweep tasks, use \n```bash\ngradle tasks --group=AppSweep\n```\n\n## Further Configuration\n\nIn the `appsweep`-block in your `app/build.gradle(.kts)` file, you can make additional configurations.\n\n### API key\n\nInstead of using the environment variable for the API key, you can also specify it in the `appsweep`-block:\n\n```Groovy\nappsweep {\n apiKey \"gs_appsweep_SOME_API_KEY\"\n}\n```\n\n### Tags\n\nBy default, the Gradle plugin will tag each uploaded build with the variant name (e.g. `Debug` or `Release`). Additionally it will add a `Protected` tag for builds uploaded using the `uploadToAppSweep{variant}Protected` tasks. You can override this behavior and set your own tags:\n\n```Groovy\nappsweep {\n apiKey \"gs_appsweep_SOME_API_KEY\"\n configurations {\n release {\n tags \"Public\"\n }\n }\n}\n```\n\nThis will tag all builds of the release variant with `Public`.\n\n### Commit hash\n\nBy default, the Gradle plugin will keep track of the current commit hash. This will then be displayed along with your build results so you can easily identify which version was analysed. By default the command `git rev-parse HEAD` is used to obtain this commit hash.\n\nIf you don't want to keep track of the commit hash, you can turn off this feature by specifying the `addCommitHash` option:\n```Groovy\nappsweep {\n apiKey \"gs_appsweep_SOME_API_KEY\"\n addCommitHash false\n}\n```\n\nYou can also use an alternative command to retrieve the commit hash by overriding the `commitHashCommand` option:\n```Groovy\nappsweep {\n apiKey \"gs_appsweep_SOME_API_KEY\"\n commitHashCommand \"hg id -i\"\n}\n```\n\nThe output of the command is attached to the newly created build, and will be shown in the results to identify that specific commit.\n\n### Task caching\n\nBy default, the upload tasks are cached and won't run if the app is unchanged.\n\nIf this is not the desired behavior you can disable the caching and guarantee the creation of a new scan everytime an upload task \nis run (Android Studio might show a warning in this case, but it can be ignored):\n```Groovy\nappsweep {\n apiKey \"gs_appsweep_SOME_API_KEY\"\n cacheTask false\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGuardsquare%2Fappsweep-gradle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FGuardsquare%2Fappsweep-gradle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGuardsquare%2Fappsweep-gradle/lists"}