GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Soluto → mobsf-ci

Soluto / mobsf-ci

Licence: MIT License
All that is required to run MobSF in the ci

Programming Languages

shell
77523 projects
ruby
36898 projects - #4 most used programming language
Dockerfile
14818 projects

Labels

automationmobilecicdmobsfdevsecopssecurity-testing

Projects that are alternatives of or similar to mobsf-ci

Mobile Security Framework Mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+27500%)
Mutual labels:  mobsf, devsecops
Holisticinfosec For Webdevelopers Fascicle0
📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚
Stars: ✭ 37 (+0%)
Mutual labels:  devsecops, security-testing
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (+654.05%)
Mutual labels:  devsecops, security-testing
MixewayHub
Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.
Stars: ✭ 80 (+116.22%)
Mutual labels:  cicd, devsecops
penetration testing
🎩 [penetration testing Book], Kali Magic, Cryptography, Hash Crack, Botnet, Rootkit, Malware, Spyware, Python, Go, C|EH.
Stars: ✭ 57 (+54.05%)
Mutual labels:  security-testing
gitoops
all paths lead to clouds
Stars: ✭ 579 (+1464.86%)
Mutual labels:  cicd
makes
A DevSecOps framework powered by Nix.
Stars: ✭ 158 (+327.03%)
Mutual labels:  devsecops
azure-policy-as-code
Bicep and Terraform code examples for policy-as-code workflows. Azure governance guardrails and automation - by @jesseloudon
Stars: ✭ 101 (+172.97%)
Mutual labels:  cicd
Sherlock
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-2.7%)
Mutual labels:  security-testing
AnyStatus
A remote control for your CI/CD pipelines and more
Stars: ✭ 38 (+2.7%)
Mutual labels:  cicd
snyk-security-scanner-plugin
Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.
Stars: ✭ 33 (-10.81%)
Mutual labels:  devsecops
cogito
Another Concourse GitHub status resource
Stars: ✭ 21 (-43.24%)
Mutual labels:  cicd
spring-boot-microservice-best-practices
Best practices and integrations available for Spring Boot based Microservice in a single repository.
Stars: ✭ 139 (+275.68%)
Mutual labels:  devsecops
terraform-github-repository-webhooks
Terraform module to provision webhooks on a set of GitHub repositories
Stars: ✭ 20 (-45.95%)
Mutual labels:  cicd
GDPRDPIAT
A GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺
Stars: ✭ 28 (-24.32%)
Mutual labels:  devsecops
log4j-cve-2021-44228
Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)
Stars: ✭ 58 (+56.76%)
Mutual labels:  devsecops
jt tools
Ruby on Rails Continuous Deployment Ecosystem to maintain Healthy Stable Development
Stars: ✭ 13 (-64.86%)
Mutual labels:  cicd
aws-pipeline
Build a CI/CD for Microservices and Serverless Functions in AWS ☁️
Stars: ✭ 32 (-13.51%)
Mutual labels:  devsecops
amazon-eventbridge-cdk-audit-service-sample
Sample of a decoupled audit service using Amazon EventBridge and AWS Step Functions. Provisioned with AWS CDK.
Stars: ✭ 25 (-32.43%)
Mutual labels:  cicd
WireBug
WireBug is a toolset for Voice-over-IP penetration testing
Stars: ✭ 142 (+283.78%)
Mutual labels:  security-testing
View All Similar Projects ➔

Deprecation Notice

This repo is no longer maintained, it is kept here only as a reference.

MobSF CI

This repo contains all the is required to run MobSF in the CI. MobSF is a security tool that can scan APK/IPA and report various security issues. By running it in the CI, you can find those issues earlier, and fix them. To learn more about what it MobSF and what it can detect, checkout the blog post.

Docker App

The easiest way to use this repo is by using docker app. Simply run:

docker-app render omerl/mobsf-ci:0.3.0 --set target_folder=<path to the folder that contains the APK> --set target_apk=<apk name> --set output_folder=<path to folder where the report will be written> | docker-compose -f - up --exit-code-from scan

To parse the report, use Glue - see in the next section how.

Usage

  • Clone the repo
  • Create a folder named target in the root folder, and place the target there (e.g. target/my_app.apk).
  • Run the tests using:
TARGET_PATH='target/<name of the target>' docker-compose up --build --exit-code-from scan
  • Wait for the command to complete, it will take some time. When the command will be completed, checkout the report under output/report.json.
  • Use OWASP Glue to process the report by running:
docker run -it -v $(pwd)/output:/app owasp/glue:raw-latest ruby bin/glue -t Dynamic -T /app/report.json --mapping-file mobsf --finding-file-path /app/android.json -z 2
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].