Merge pull request #44 from nventive/dev/lebo/doc-updates
docs: Add additional information for Security Scans
lesterbotello authored Sep 6, 2024
2 parents 0cbf860 + 0725851 commit 6eb8ce9
Showing 2 changed files with 11 additions and 0 deletions.
8 changes: 8 additions & 0 deletions doc/SecurityScan.md
@@ -1,5 +1,9 @@
# MobSF Security scan integration

This project includes automated static application security testing (SAST) for the generated binaries for both iOS and Android.
This is helpful to identify opportunities to reduce your app's susceptibility to attacks from malicious third parties.
We use [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) to scan the produced artifacts and generate a report with the analysis results.

## stage-security-scan.yml

This YAML configuration snippet outlines the setup for conditional security scanning within a CI/CD pipeline, specifically targeting iOS and Android platforms. The security scans are facilitated through the Mobile Security Framework (MobSF), a comprehensive tool designed for mobile security testing.
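Review bot: the first added sentence ("This project includes automated static application security testing (SAST) for the generated binaries for both iOS and Android.") reads as if the scan runs on every build, but the paragraph in the hunk at line 52 onward says it only runs when `enableIosSecurityScan` and `enableAndroidSecurityScan` are set to true. Suggest wording the intro as opt-in, for example "This project can run automated SAST ... when the corresponding security-scan parameters are enabled (see below)", so a reader does not assume a scan happened on a build where the parameters were left at their defaults.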
@@ -48,6 +52,10 @@ This job mirrors the iOS security scan job but targets Android applications. It
Integrating the security scanning configuration into your `azure-pipelines.yml` pipeline requires activating specific parameters to enable the process. Set `enableIosSecurityScan` and `enableAndroidSecurityScan` to **true** as per your project's requirements. This approach ensures a tailored security assessment for mobile applications across different environments, in this case Staging and Production, utilizing **MobSF** for comprehensive vulnerability detection prior to deployment.

## Output
After a successful build, the results of the security analysis are added as Artifacts for your CI pipelines.
Two files are included: A PDF file (with a human-readable version of the scan results) and a JSON file which can be further analyzed, or even used as part of an automated process to identify specific portions of the report that can be of interest.

## References
- [MobSF Documentation](https://mobsf.github.io/docs/#/)
- [MobSF API Docs](https://mobsf.live/api_docs)
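Review bot: the new Output section does not say whether MobSF findings affect the pipeline outcome. "After a successful build, the results of the security analysis are added as Artifacts" suggests the scan is informational and never fails the stage, but that is left implicit, so readers may treat it as a quality gate or, conversely, assume a green build means no findings. Suggest one sentence stating the behaviour explicitly, plus the artifact name(s) under which the PDF and JSON reports are published, so they can be located in the pipeline run and consumed by the automated processing the section mentions.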
3 changes: 3 additions & 0 deletions src/cli/CHANGELOG.md
@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)

Prefix your items with `(Template)` if the change is about the template and not the resulting application.

## 0.20.4
- Updates to documentation

## 0.20.3
- (CI/CD) Fixes an authentication issue with pub.dev

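Review bot: the 0.20.4 entry "Updates to documentation" is less specific than the sibling entries (compare "(CI/CD) Fixes an authentication issue with pub.dev") and, if this documentation counts as a template change, omits the `(Template)` prefix the file asks for. Suggest naming what changed, for example "- (Template) Expands the MobSF security scan documentation (Output and References sections in doc/SecurityScan.md)".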

0 comments on commit 6eb8ce9
