diff --git a/doc/SecurityScan.md b/doc/SecurityScan.md index 37324ef..be509ee 100644 --- a/doc/SecurityScan.md +++ b/doc/SecurityScan.md @@ -1,5 +1,9 @@ # MobSF Security scan integration +This project includes automated static application security testing (SAST) for the generated binaries for both iOS and Android. +This is helpful to identify opportunities to reduce your app's susceptibility to attacks from malicious third parties. +We use [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) to scan the produced artifacts and generate a report with the analysis results. + ## stage-security-scan.yml This YAML configuration snippet outlines the setup for conditional security scanning within a CI/CD pipeline, specifically targeting iOS and Android platforms. The security scans are facilitated through the Mobile Security Framework (MobSF), a comprehensive tool designed for mobile security testing. 
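Review bot: the new introduction does not mention that the scan is opt-in, although the unchanged text further down says `enableIosSecurityScan` and `enableAndroidSecurityScan` must be set to `true` in `azure-pipelines.yml` for it to run; a reader who only skims the first paragraph will assume every build is scanned. Suggest adding one sentence after the third added line, e.g. "The scan only runs when `enableIosSecurityScan` / `enableAndroidSecurityScan` are enabled in `azure-pipelines.yml`; see below." Also, "static application security testing (SAST)" conventionally refers to source-level analysis, whereas the same sentence says the scan targets "the generated binaries"; "static analysis of the built iOS and Android artifacts" states what MobSF actually does here and avoids the mismatch. "Attacks from malicious third parties" adds nothing a security doc needs and can be dropped.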
@@ -48,6 +52,10 @@ This job mirrors the iOS security scan job but targets Android applications. It Integrating the security scanning configuration into your `azure-pipelines.yml` pipeline requires activating specific parameters to enable the process. Set `enableIosSecurityScan` and `enableAndroidSecurityScan` to **true** as per your project's requirements. This approach ensures a tailored security assessment for mobile applications across different environments, in this case Staging and Production, utilizing **MobSF** for comprehensive vulnerability detection prior to deployment. +## Output +After a successful build, the results of the security analysis are added as Artifacts for your CI pipelines. +Two files are included: A PDF file (with a human-readable version of the scan results) and a JSON file which can be further analyzed, or even used as part of an automated process to identify specific portions of the report that can be of interest. + ## References - [MobSF Documentation](https://mobsf.github.io/docs/#/) - [MobSF API Docs](https://mobsf.live/api_docs) \ No newline at end of file diff --git a/src/cli/CHANGELOG.md b/src/cli/CHANGELOG.md index a706313..07c8c62 100644 --- a/src/cli/CHANGELOG.md +++ b/src/cli/CHANGELOG.md @@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) Prefix your items with `(Template)` if the change is about the template and not the resulting application. +## 0.20.4 +- Updates to documentation + ## 0.20.3 - (CI/CD) Fixes an authentication issue with pub.dev
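Review bot: the new Output section says the results are "added as Artifacts" after a successful build but never says whether scan findings affect the outcome of the stage, while the unchanged paragraph directly above promises "comprehensive vulnerability detection prior to deployment"; state explicitly whether a scan with findings fails the stage or only publishes the report, since that determines whether anyone has to look at the PDF before a release goes out. The section should also name the published artifacts (the PDF and JSON file names as they appear in the pipeline run) so a reader can find them, and "used as part of an automated process to identify specific portions of the report that can be of interest" would be more useful as a concrete pointer to which parts of the JSON a gate is expected to consume. Minor: "Two files are included: A PDF file" should be "a PDF file" after the colon.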
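Review bot: the 0.20.4 entry "Updates to documentation" does not say which documentation changed and ignores the convention stated a few lines above in the same file ("Prefix your items with `(Template)` if the change is about the template and not the resulting application"); the 0.20.3 entry uses a "(CI/CD)" prefix in the same spirit. Suggest "- (Template) Documents the MobSF security scan stage (doc/SecurityScan.md) and the PDF/JSON report artifacts it publishes." so the changelog line is traceable to the doc change in this patch.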