Hi,
We’re using Nexus Platform Plugin in Jenkins to carry out Android scan vulnerabilities. scanPattern as [*.apk] file, but it is not get scanning.
e.g We’re executing following pipeline script in Jenkins
nexusPolicyEvaluation iqApplication: ‘ApplicationID’, iqStage: ‘build’, iqScanPatterns: [scanPattern: ‘**/*.apk’]
Any thoughts?
nickcook
January 24, 2019, 12:10am
#2
Hi,
Check out this post from @fcremer for information about scanning Android with IQ server.
Nexus IQ Server does not support scanning an .apk file directly due to the minification performed via the dalvik byte code process. For this reason, scanning prior to the assembling of the .apk is required.
Check out this article for more information on How Your Android Code Compiles to Deliver .APK Package File .
As an example, in Gradle you could add to your build.gradle a small of amount of additional code that essentially would perform 2 main actions during the build:
Execute the copyCom…
Thanks for the workaround. It works.vulnerabilities
Any thoughts, if it available with Nexus Platform Plugin itself?
