{"id":19237450,"url":"https://github.com/datatheorem/datatheorem-mobile-secure-action","last_synced_at":"2025-07-22T19:34:11.648Z","repository":{"id":38444540,"uuid":"350305178","full_name":"datatheorem/datatheorem-mobile-secure-action","owner":"datatheorem","description":null,"archived":false,"fork":false,"pushed_at":"2025-07-15T17:36:36.000Z","size":10197,"stargazers_count":4,"open_issues_count":0,"forks_count":2,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-07-16T14:03:42.505Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datatheorem.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-03-22T10:43:59.000Z","updated_at":"2025-07-15T18:07:28.000Z","dependencies_parsed_at":"2024-10-25T05:27:33.953Z","dependency_job_id":"cd6bebcd-d6ab-486e-83f4-5185df521eda","html_url":"https://github.com/datatheorem/datatheorem-mobile-secure-action","commit_stats":{"total_commits":25,"total_committers":4,"mean_commits":6.25,"dds":0.4,"last_synced_commit":"e26a4f4b18eabd03de00749789d57448ad956339"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/datatheorem/datatheorem-mobile-secure-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2Fdatatheorem-mobile-secure-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2Fdatatheorem-mobile-secure-action/tags","releases_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/datatheorem%2Fdatatheorem-mobile-secure-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2Fdatatheorem-mobile-secure-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datatheorem","download_url":"https://codeload.github.com/datatheorem/datatheorem-mobile-secure-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datatheorem%2Fdatatheorem-mobile-secure-action/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265622393,"owners_count":23799966,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T16:26:44.153Z","updated_at":"2025-07-22T19:34:11.638Z","avatar_url":"https://github.com/datatheorem.png","language":"JavaScript","readme":"# Data Theorem Mobile Secure Github Action\n\nData Theorem's Mobile Secure will scan each pre-production release automatically (up to 7000 releases/day)\nfor security \u0026 privacy issues using static, dynamic, and behavioral analysis for both iOS and Android applications.\n\nMore information can be found here:  \nhttps://www.datatheorem.com/products/mobile-secure\n\nEnabling this integration requires a valid Data Theorem API key.\n\n## Set your Data Theorem API keys as secrets:\nTo find your Data Theorem API keys, go to https://www.securetheorem.com/devsecops/results_api_access using your Data Theorem account.\n\nCreate encrypted variables in your Github repository:\n- `DT_UPLOAD_API_KEY` - Required for uploading 
binaries\n- `DT_RESULTS_API_KEY` - Required when using vulnerability blocking (BLOCK_ON_SEVERITY) or warnings (WARN_ON_SEVERITY)\n\nFor more information, see [Github Encrypted secrets](https://docs.github.com/en/actions/reference/encrypted-secrets)\n\n## Set the path to the binary files to upload\nConfigure the Action by indicating the path to the file that will be uploaded in the `UPLOAD_BINARY_PATH` input.\n\nYou can use a glob pattern to indicate variable parts of the build's file name (for example, if the app's version number or build date is in the file name).  \nExamples of glob patterns:\n- `app-*.apk` : search for any apk starting with `app-` in the workspace root directory\n- `**/app-*.ipa` : search for any ipa starting with `app-` in any subdirectory of the workspace\n- `{,**/}app-debug*.*` : search for any file containing `app-debug` in the root directory or in any subdirectory of the workspace.\n\nIf multiple files match the provided pattern, all matching files will be uploaded. However, to prevent accidentally uploading the contents of a large directory, there is a limit of 3 matching files.  If more than 3 files match the pattern, the upload will fail with a corresponding error message.\n\n## Set optional parameters\nYou can optionally provide a username and password to be used with dynamic (DAST) testing.  Optional parameters (including username and password) are described in more detail in the [API documentation](https://datatheorem.github.io/PortalApi/mobile_security_devops/uploading_mobile_apps.html).  We strongly recommend using [Github Encrypted secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) to protect the dynamic testing credentials.\n\nAt this time, comments, release id, external id, and platform variant parameters are supported, in addition to username/password.  When optional parameters are specified, they override previously provided values.  
If optional parameters are omitted, previously provided values are used for username/password, and other parameters are set to blank/unused.  For example, a build for which comments are not provided will show no comments.\n\nIf multiple files match the provided pattern, the same set of optional values will be sent with each file. \n\n## Vulnerability Blocking and Warnings\n\nThe action supports automatic build blocking and vulnerability warnings based on security findings.\n\n### `BLOCK_ON_SEVERITY`\nWhen `BLOCK_ON_SEVERITY` is specified, the action will:\n\n1. Wait for the scan to complete (up to 5 minutes)\n2. Check for security findings at or above the specified severity level\n3. Block the build if any vulnerabilities are found at the minimum severity threshold\n\n### `WARN_ON_SEVERITY`\nWhen `WARN_ON_SEVERITY` is specified, the action will:\n\n1. Wait for the scan to complete (up to 5 minutes)\n2. Check for security findings at or above the specified severity level\n3. Print warning messages if vulnerabilities are found, but continue the build\n\n**Important:** Both vulnerability blocking and warnings require a separate `DT_RESULTS_API_KEY` with results access permissions.\n\n### Severity Levels\n- `HIGH`: Block on high severity vulnerabilities only\n- `MEDIUM`: Block on medium and high severity vulnerabilities  \n- `LOW`: Block on all severity vulnerabilities (low, medium, high)\n\n### Example with Vulnerability Blocking\n```yaml\n- name: Upload to Data Theorem with blocking if high or medium vulnerabilities are found\n  uses: datatheorem/datatheorem-mobile-secure-action@v2.3.1\n  with:\n    UPLOAD_BINARY_PATH: \"./app/build/outputs/apk/debug/app-debug.apk\"\n    DT_UPLOAD_API_KEY: ${{ secrets.DT_UPLOAD_API_KEY }}\n    DT_RESULTS_API_KEY: ${{ secrets.DT_RESULTS_API_KEY }}\n    BLOCK_ON_SEVERITY: \"MEDIUM\"\n```\n\n### Example with Vulnerability Warnings\n```yaml\n- name: Upload to Data Theorem with warnings for high severity vulnerabilities\n  uses: 
datatheorem/datatheorem-mobile-secure-action@v2.3.1\n  with:\n    UPLOAD_BINARY_PATH: \"./app/build/outputs/apk/debug/app-debug.apk\"\n    DT_UPLOAD_API_KEY: ${{ secrets.DT_UPLOAD_API_KEY }}\n    DT_RESULTS_API_KEY: ${{ secrets.DT_RESULTS_API_KEY }}\n    WARN_ON_SEVERITY: \"HIGH\"\n```\n\n### Example with Both Blocking and Warnings\n```yaml\n- name: Upload to Data Theorem with blocking on high and warnings on medium vulnerabilities\n  uses: datatheorem/datatheorem-mobile-secure-action@v2.3.1\n  with:\n    UPLOAD_BINARY_PATH: \"./app/build/outputs/apk/debug/app-debug.apk\"\n    DT_UPLOAD_API_KEY: ${{ secrets.DT_UPLOAD_API_KEY }}\n    DT_RESULTS_API_KEY: ${{ secrets.DT_RESULTS_API_KEY }}\n    BLOCK_ON_SEVERITY: \"HIGH\"\n    WARN_ON_SEVERITY: \"MEDIUM\"\n```\n\n**Note:** Both vulnerability blocking and warning features will cause the action to wait for scan completion before proceeding. This adds time to your build process but ensures security issues are caught before deployment.\n\n## Sample usage\n\n```yaml\nname: Build and upload to Data Theorem\n\non:\n  push:\n    branches: [ main ]\n\njobs:\n  apk:\n    name: Generate \u0026 Upload APK\n    runs-on: ubuntu-20.04\n    steps:\n      - uses: actions/checkout@v4\n      - name: set up JDK 17\n        uses: actions/setup-java@v4\n        with:\n          java-version: 17\n      - name: Build debug APK\n        run: bash ./gradlew assembleDebug\n      - name: Upload to Data Theorem\n        uses: datatheorem/datatheorem-mobile-secure-action@v2.3.1\n        with:\n          UPLOAD_BINARY_PATH: \"./app/build/outputs/apk/debug/app-debug.apk\"\n          DT_UPLOAD_API_KEY: ${{ secrets.DT_UPLOAD_API_KEY }}\n          DT_RESULTS_API_KEY: ${{ secrets.DT_RESULTS_API_KEY }}  # Required for vulnerability blocking\n          USERNAME: \"test_user\"\n          PASSWORD: ${{ secrets.DT_DAST_PASSWORD }}\n          COMMENTS: \"This is a pre-production build.\"\n          RELEASE_ID: ${{ github.run_number }}\n          
EXTERNAL_ID: \"App_12230045\"\n          BLOCK_ON_SEVERITY: \"HIGH\"  # Optional: Block build on high severity vulnerabilities\n          WARN_ON_SEVERITY: \"MEDIUM\"  # Optional: Warn on medium severity vulnerabilities\n\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatatheorem%2Fdatatheorem-mobile-secure-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatatheorem%2Fdatatheorem-mobile-secure-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatatheorem%2Fdatatheorem-mobile-secure-action/lists"}