Appknox Security Scan Plugin

The Appknox Security Scan Plugin allows you to perform Appknox security scan on your mobile application binary. The APK/IPA built from your CI pipeline will be uploaded to Appknox platform which performs static scan and the build will be errored according to the chosen risk threshold.

How to use it?

Step 1: Get your Appknox Access Token

Sign up on Appknox.

Generate a personal access token from Developer Settings

Step 2: Store Appknox Access Token in Credentials

Select credentials options from Manage Jenkins -> Credentials:

Store Appknox Access Token as Global Credential:

Select Kind as "Secret Text" and store the Appknox Access Token with desired "ID" and "Description":

Appknox Plugin as Jenkins Job

Step 1: Define Job Name

Add job name and select Freestyle project:

Step 2: Add Appknox Plugin

Add Appknox Plugin from build step:

Step 3: Configure Appknox Plugin

Select Access Token from the dropdown:

Note:

Ensure the Access Token matches with the Access Token given while configuring Appknox Access Token in the credentials.

Add other details in the Appknox Plugin Configuration:

Appknox Plugin as Pipeline

Step 1: Define Pipeline Name

Add Pipeline name and select Pipeline project:

Step 2: Appknox Plugin Pipeline Script

Add Appknox Plugin Stage:

Note:

Ensure the Appknox Access Token ID matches with the ID given while configuring Appknox Access Token in the credentials.

In your Pipeline Stages Add this after building your Application stage:-

stages {
        stage('Appknox Scan') {
            steps {
                script {
                        // Perform Appknox scan using AppknoxScanner
                        step([
                            $class: 'AppknoxScanner',
                            credentialsId: 'your-appknox-access-token-ID', //Specify the Appknox Access Token ID. Ensure the ID matches with the ID given while configuring Appknox Access Token in the credentials.
                            filePath: FILE_PATH,
                            riskThreshold: params.RISK_THRESHOLD.toUpperCase()
                        ])
                    
                }
            }
        }
    }
    

Inputs

Key	Value
credentialsId	Personal appknox access token ID
file_path	Specify the build file name or path for the mobile application binary to upload, E.g. app-debug.apk, app/build/apk/app-debug.apk
risk_threshold	Risk threshold value for which the CI should fail. Accepted values: CRITICAL, HIGH, MEDIUM & LOW Default: LOW

---

Example Script:

pipeline {
    agent any
    parameters {
        choice(name: 'RISK_THRESHOLD', choices: ['LOW', 'MEDIUM', 'HIGH', 'CRITICAL'], description: 'Risk Threshold')
    }
    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/yourgithub/reponame'
            }
        }
        stage('Build App') {
            steps {
                // Build the app using specific build, Example is given using gradle
                script {
                    sh './gradlew build'
                    FILE_PATH = "app/build/outputs/apk/debug/app.aab"
                }
            }
        }
        stage('Appknox Scan') {
            steps {
                script {
                        // Perform Appknox scan using AppknoxScanner
                        step([
                            $class: 'AppknoxScanner',
                            credentialsId: 'your-appknox-access-token-id', //Specify the Appknox Access Token ID. Ensure the ID matches with the ID given while configuring Appknox Access Token in the credentials.
                            filePath: FILE_PATH,
                            riskThreshold: params.RISK_THRESHOLD.toUpperCase()
                        ])
                    
                }
            }
        }
    }
}