Hi,
We’re using the Nexus Platform Plugin in Jenkins to carry out Android vulnerability scans.
I’m looking for how Nexus IQ scans an Android application.
I tried to set the scanPattern parameter to [*.apk], but the file is not getting scanned.
E.g., we’re executing the following pipeline script in Jenkins:
nexusPolicyEvaluation iqApplication: 'ApplicationID', iqStage: 'build', iqScanPatterns: [scanPattern: '**/*.apk']
Any thoughts?
nickcook (Nick Cook) January 24, 2019, 12:10am #2
Hi,
Check out this post from @fcremer for information about scanning Android with IQ server.
Nexus IQ Server does not support scanning an .apk file directly due to the minification performed via the dalvik byte code process. For this reason, scanning prior to the assembling of the .apk is required.
Check out this article for more information on How Your Android Code Compiles to Deliver .APK Package File.
As an example, in Gradle you could add to your build.gradle a small amount of additional code that essentially would perform 2 main actions during the build:
Execute the copyCom…
Thanks for the workaround. It works.
We are able to scan the Android vulnerabilities.
Any thoughts on whether it is available with the Nexus Platform Plugin itself?