Configuring continuous integration testing for mobile applications
Continuing the automated analysis approach of the earlier recipes, this recipe shows how to configure dependency scans and dynamic analysis of Android application builds prior to production deployments.
Getting ready
In this recipe, we will use a Jenkins automation build server and the following tools:
- Mobile Security Framework (MobSF): This is an open source static and dynamic analysis tool for mobile applications. MobSF is actively developed for the mobile security community. It can be downloaded from the following link:
https://github.com/MobSF/Mobile-Security-Framework-MobSF/archive/master.zip
- OWASP Dependency-Check: This is a tool that detects publicly disclosed vulnerabilities in a project's dependencies for multiple programming languages, such as Java, Node.js, Python, Ruby, and Swift, to name a few. We will use the Jenkins OWASP Dependency-Check Plugin that can be downloaded via the Jenkins plugin...