The Appknox Security Scan Plugin lets you run an Appknox security scan on your mobile application binary. The APK/IPA built by your CI pipeline is uploaded to the Appknox platform, which performs a static scan, and the build is marked as errored according to the chosen risk threshold.
Sign up on Appknox.
Generate a personal access token from Developer Settings.
Select the Credentials option from Manage Jenkins -> Credentials:
Store the Appknox Access Token as a Global Credential:
Set Kind to "Secret Text" and store the Appknox Access Token with the desired "ID" and "Description":
Add job name and select Freestyle project:
Add Appknox Plugin from build step:
Select Access Token from the dropdown:
Ensure the selected Access Token matches the one given when configuring the Appknox Access Token in the credentials.
Add other details in the Appknox Plugin Configuration:
Add Pipeline name and select Pipeline project:
Add Appknox Plugin Stage:
Ensure the Appknox Access Token ID matches the ID given when configuring the Appknox Access Token in the credentials.
```groovy
stages {
    stage('Appknox Scan') {
        steps {
            script {
                // Perform Appknox scan using AppknoxScanner
                appKnoxScanner(
                    // Specify the Appknox Access Token ID. Ensure the ID matches the ID
                    // given when configuring the Appknox Access Token in the credentials.
                    credentialsId: 'your-appknox-access-token-ID',
                    filePath: FILE_PATH,
                    riskThreshold: params.RISK_THRESHOLD.toUpperCase(),
                    region: params.Region // Pass the region parameter as expected
                )
            }
        }
    }
}
```
| Key | Value |
|---|---|
| credentialsId | Personal Appknox access token ID |
| file_path | Specify the build file name or path for the mobile application binary to upload, e.g. app-debug.apk, app/build/apk/app-debug.apk |
| risk_threshold | Risk threshold value for which the CI should fail. Accepted values: CRITICAL, HIGH, MEDIUM & LOW. Default: LOW |
| region | Specify the Appknox region. Accepted values: 'Global, Saudi'. Default: 'Global' |
```groovy
pipeline {
    agent any
    parameters {
        choice(name: 'RISK_THRESHOLD', choices: ['LOW', 'MEDIUM', 'HIGH', 'CRITICAL'], description: 'Risk Threshold')
        choice(name: 'Region', choices: ['global', 'saudi'], description: 'Appknox Regions')
    }
    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/yourgithub/reponame'
            }
        }
        stage('Build App') {
            steps {
                // Build the app with your own build tool; this example uses Gradle
                script {
                    sh './gradlew build'
                    // Path of the built binary, read later by the scan stage
                    FILE_PATH = "app/build/outputs/apk/debug/app.aab"
                }
            }
        }
        stage('Appknox Scan') {
            steps {
                script {
                    // Perform Appknox scan using AppknoxScanner
                    appKnoxScanner(
                        // Specify the Appknox Access Token ID. Ensure the ID matches the ID
                        // given when configuring the Appknox Access Token in the credentials.
                        credentialsId: 'your-appknox-access-token-ID',
                        filePath: FILE_PATH,
                        riskThreshold: params.RISK_THRESHOLD.toUpperCase(),
                        region: params.Region // Pass the region parameter as expected
                    )
                }
            }
        }
    }
}
```
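A variant of the pipeline above that validates the scan inputs before calling the plugin, so a mistyped threshold or a missing binary stops the build as a configuration error instead of being mistaken for a scan outcome. This is an added example, not code from the Appknox plugin documentation; the `ACCEPTED_*` lists, the `FILE_PATH` value and the error messages are assumptions, and `fileExists` and `error` are standard Jenkins Pipeline steps.

```groovy
// Added example, not from the Appknox plugin documentation.
// Accepted values are copied from the parameter table and pipeline on this page.
def ACCEPTED_THRESHOLDS = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW']
def ACCEPTED_REGIONS = ['global', 'saudi']
// Assumption: the build stage writes the binary to this workspace-relative path.
def FILE_PATH = 'app/build/outputs/apk/debug/app-debug.apk'

pipeline {
    agent any
    parameters {
        choice(name: 'RISK_THRESHOLD', choices: ['LOW', 'MEDIUM', 'HIGH', 'CRITICAL'], description: 'Risk Threshold')
        choice(name: 'Region', choices: ['global', 'saudi'], description: 'Appknox Regions')
    }
    stages {
        stage('Build App') {
            steps {
                sh './gradlew build'
            }
        }
        stage('Appknox Scan') {
            steps {
                script {
                    // Fall back to the documented defaults when a parameter is unset.
                    def threshold = (params.RISK_THRESHOLD ?: 'LOW').toUpperCase()
                    def region = (params.Region ?: 'global').toLowerCase()
                    if (!ACCEPTED_THRESHOLDS.contains(threshold)) {
                        error "Unsupported risk threshold: ${threshold}"
                    }
                    if (!ACCEPTED_REGIONS.contains(region)) {
                        error "Unsupported Appknox region: ${region}"
                    }
                    // Stop here if the build produced no binary, so a missing
                    // artifact is reported as a build problem, not a scan result.
                    if (!fileExists(FILE_PATH)) {
                        error "No binary found at ${FILE_PATH}"
                    }
                    appKnoxScanner(
                        // Credential ID only; the token stays in the Jenkins credential store.
                        credentialsId: 'your-appknox-access-token-ID',
                        filePath: FILE_PATH,
                        riskThreshold: threshold,
                        region: region
                    )
                }
            }
        }
    }
}
```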