{"id":19237414,"url":"https://github.com/datatheorem/data-theorem-mobile-secure-buildkite-plugin","last_synced_at":"2025-02-23T13:50:33.958Z","repository":{"id":247933998,"uuid":"827273619","full_name":"datatheorem/data-theorem-mobile-secure-buildkite-plugin","owner":"datatheorem","description":"Data Theorem Mobile Secure Buildkite Plugin","archived":false,"fork":false,"pushed_at":"2024-07-15T17:14:28.000Z","size":309,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-01-05T01:42:29.296Z","etag":null,"topics":["buildkite-plugin"],"latest_commit_sha":null,"homepage":"https://www.datatheorem.com/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datatheorem.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-11T10:28:35.000Z","updated_at":"2024-07-15T17:14:09.000Z","dependencies_parsed_at":"2024-11-09T16:39:17.112Z","dependency_job_id":null,"html_url":"https://github.com/datatheorem/data-theorem-mobile-secure-buildkite-plugin","commit_stats":null,"previous_names":["datatheorem/data-theorem-mobile-secure-buildkite-plugin"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2Fdata-theorem-mobile-secure-buildkite-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2Fdata-theorem-mobile-secure-buildkite-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2Fdata
-theorem-mobile-secure-buildkite-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2Fdata-theorem-mobile-secure-buildkite-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datatheorem","download_url":"https://codeload.github.com/datatheorem/data-theorem-mobile-secure-buildkite-plugin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240324060,"owners_count":19783453,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["buildkite-plugin"],"created_at":"2024-11-09T16:26:36.952Z","updated_at":"2025-02-23T13:50:33.939Z","avatar_url":"https://github.com/datatheorem.png","language":"Shell","readme":"# Data Theorem Mobile Secure BuildKite Plugin\n\nData Theorem's Mobile Secure will scan each pre-production release automatically (up to 7000 releases/day)\nfor security \u0026 privacy issues using static, dynamic, and behavioral analysis for both iOS and Android applications.\n\nMore information can be found here:  \nhttps://www.datatheorem.com/products/mobile-secure\n\n## Examples\n\n### Basic Example\nAdd the following to your `pipeline.yml`:\n\n```yml\nsteps:\n  - label: \"Build Mobile App Binary\"\n    # replace this step with your own logic to build the pre-prod mobile binary that you want to scan\n    command: \"echo 'Example mobile binary build step...'\"\n\n  - label: \"Upload Mobile App Binary to Data Theorem for scanning\"\n    plugins:\n      - datatheorem/data-theorem-mobile-secure:\n          UPLOAD_API_KEY: $(buildkite-agent 
secret get DT_UPLOAD_API_KEY)\n          BINARY_PATH: \"app-debug.apk\" # path to the pre-prod mobile binary built in the previous step\n```\n\n### Example with optional `SOURCEMAP_PATH`:\nAn optional Java mapping.txt file for deobfuscating Android binaries.\n\n```yml\nsteps:\n  - label: \"Build Mobile App Binary\"\n    # replace this step with your own logic to build the pre-prod mobile binary that you want to scan\n    command: \"echo 'Example mobile binary build step...'\"\n\n  - label: \"Upload Mobile App Binary to Data Theorem for scanning\"\n    plugins:\n      - datatheorem/data-theorem-mobile-secure:\n          UPLOAD_API_KEY: $(buildkite-agent secret get DT_UPLOAD_API_KEY)\n          BINARY_PATH: \"app-debug.apk\" # path to the pre-prod mobile binary built in the previous step\n          SOURCEMAP_PATH: \"mapping.txt\" # path to mapping.txt\n```\n\n### Example with scan result polling\nOptionally, you can configure the plugin to wait for the scan to complete and print out the number of new security findings.\nTo do this, add the extra flag `POLL_SCAN_RESULTS: true`.\nThis mode also requires a Data Theorem Mobile Results API Key,\nwhich can be retrieved or created at [DevSecOps -\u003e Data Theorem Results API](https://www.securetheorem.com/devsecops/v2/results_api_access).\nSet it as a secret accessible to your BuildKite pipeline.\n\n```yml\nsteps:\n  - label: \"Build Mobile App Binary\"\n    # replace this step with your own logic to build the pre-prod mobile binary that you want to scan\n    command: \"echo 'Example mobile binary build step...'\"\n\n  - label: \"Upload Mobile App Binary to Data Theorem for scanning\"\n    plugins:\n      - datatheorem/data-theorem-mobile-secure:\n          UPLOAD_API_KEY: $(buildkite-agent secret get DT_UPLOAD_API_KEY)\n          BINARY_PATH: \"app-debug.apk\" # path to the pre-prod mobile binary built in the previous step\n          POLL_SCAN_RESULTS: true\n          MOBILE_RESULTS_API_KEY: $(buildkite-agent 
secret get DT_MOBILE_RESULTS_API_KEY)\n```\n\nThe plugin's logs should look like this for a successful scan with no discovered security issues:\n![buildkite-data-theorem-mobile-secure-plugin-polling-mode-no-issues.png](images%2Fbuildkite-data-theorem-mobile-secure-plugin-polling-mode-no-issues.png)\n\n## Configuration\n\n### `UPLOAD_API_KEY` (Required, string)\nAPI Key you can retrieve in the Data Theorem Portal [DevSecOps -\u003e Scan via CI/CD](https://www.securetheorem.com/devsecops/v2/scancicd).\n\nHard-coding the raw value of the API key is not recommended for security reasons.\nWe recommend using [BuildKite Secrets](https://buildkite.com/docs/pipelines/security/secrets/buildkite-secrets).\n\n- On your agent cluster, define a secret named `DT_UPLOAD_API_KEY` and set the value to what you have retrieved from the Data Theorem Portal\n- In the BuildKite pipeline definition, you can pass the API Key as `UPLOAD_API_KEY: $(buildkite-agent secret get DT_UPLOAD_API_KEY)` in the plugin's inputs\n\n### `BINARY_PATH` (Required, string)\nPath to the mobile binary (APK, IPA, APPX or XAP) to be scanned.\n\n### `SOURCEMAP_PATH` (Optional, string)\nAn optional path to a Java mapping.txt file for deobfuscating Android binaries.\nNote: Once deobfuscation is enabled for a PRE_PROD or ENTERPRISE Android app, future uploads of the same app will also require a mapping file.\nSee [How To Enable De-obfuscation of Android Scan Results Using A Mapping File](https://datatheorem.atlassian.net/servicedesk/customer/portal/1/article/61669389) for more information.\n\n### `POLL_SCAN_RESULTS` (Optional, boolean)\nWhen set to `true`, the plugin will poll for the scan's status until completion and print whether the scan has found any new issues.\nThis requires a Data Theorem Mobile Results API Key to be set (see below).\n\n### `MOBILE_RESULTS_API_KEY` (Optional, string)\nAPI Key you can retrieve in the Data Theorem Portal [DevSecOps -\u003e Data Theorem Results 
API](https://www.securetheorem.com/devsecops/v2/results_api_access).\nThis is only required if you want to poll for scan results instead of exiting after starting the scan.\n\nHard-coding the raw value of the API key is not recommended for security reasons.\nWe recommend using [BuildKite Secrets](https://buildkite.com/docs/pipelines/security/secrets/buildkite-secrets).\n\n- On your agent cluster, define a secret named `DT_MOBILE_RESULTS_API_KEY` and set the value to what you have retrieved from the Data Theorem Portal\n- In the BuildKite pipeline definition, you can pass the API Key as `MOBILE_RESULTS_API_KEY: $(buildkite-agent secret get DT_MOBILE_RESULTS_API_KEY)` in the plugin's inputs\n\nIt should look like this in your Buildkite agent secret settings:\n![buildkite-data-theorem-mobile-secure-plugin-secrets.png](images%2Fbuildkite-data-theorem-mobile-secure-plugin-secrets.png)","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatatheorem%2Fdata-theorem-mobile-secure-buildkite-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatatheorem%2Fdata-theorem-mobile-secure-buildkite-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatatheorem%2Fdata-theorem-mobile-secure-buildkite-plugin/lists"}