Following the same trend of automated analysis in the earlier recipes, this recipe will show how to configure dependency scans and dynamic analysis of Android application builds prior to production deployments.
In this recipe, we will use a Jenkins automation build server and the following tools:
- Mobile Security Framework (MobSF): This is an open source mobile application static and dynamic analysis tool. MobSF is actively being worked on and modified for the mobile security community. MobSF can be downloaded from the following link:
- OWASP Dependency-Check: This is a tool that detects publicly disclosed vulnerabilities within a project's dependencies for multiple programming languages such as Java, Node.js, Python, Ruby, and Swift, to name a few. We will use the Jenkins OWASP Dependency-Check Plugin that can be downloaded via the Jenkins plugin...