BeVigil Security Scan

CloudSEK

Azure DevOps extension for BeVigil security scanning with support for Android, iOS, and PWA applications

Shift-left your mobile application security testing with BeVigil Enterprise's powerful security scanner, now integrated into your Azure DevOps pipelines.

This Azure DevOps extension allows you to seamlessly integrate BeVigil Enterprise's comprehensive security scanning into your CI/CD workflows. Automatically scan your Android (APK), iOS (IPA), and Progressive Web Apps (PWA) for thousands of security vulnerabilities and misconfigurations, empowering your developers to find and fix issues early in the development lifecycle.

Key Features

  • Comprehensive Security Analysis: Scan for a wide range of vulnerabilities including insecure data storage, weak cryptography, network security issues, and more.
  • Support for Major Platforms: Works with Android (APK), iOS (IPA), and PWA applications.
  • Seamless CI/CD Integration: Embed security scanning directly into your build and release pipelines.
  • Actionable Reports: Receive detailed, easy-to-understand security reports to quickly identify and remediate vulnerabilities.
  • Flexible Configuration: Configure the task to fail the build based on scan results, enforcing your security policies.
  • DevSecOps Ready: Foster a DevSecOps culture by making security an integral part of your development process.

Getting Started

  1. Install the Extension: Install the "BeVigil Security Scan" extension from the Azure DevOps Marketplace.
  2. Get a BeVigil API Key:
    • To get the key, contact CloudSEK Support.

Configure the Task

1. Set the BeVigil API Key as a Secret Variable

To keep your API key secure, you should add it as a secret variable to your pipeline.

  1. In your Azure DevOps project, navigate to the pipeline where you want to add the BeVigil scan task.
  2. Click Edit to open the pipeline editor.
  3. Click on Variables (usually in the top-right corner).
  4. Click New variable.
  5. Enter bevigilApiKey as the Name.
  6. Paste your API key into the Value field.
  7. Check the Keep this value secret box.
  8. Click OK and then Save the pipeline.

2. Add the Task to Your Pipeline

You can add the BeVigil Scan task to your pipeline using the Classic Editor or by adding a YAML snippet.

Task Inputs

| Input | Description | Required |
|---|---|---|
| apiKey | Your BeVigil API key for authentication. | Yes |
| appType | Select the type of application to scan. | Yes |
| appPath | Path to the application file (APK/IPA) or PWA folder. | Yes |
| packageName | Package name for Android, bundle identifier for iOS, or a unique name for your PWA. | Yes |
| scanTimeout | Maximum time to wait for scan completion (5-60 minutes). | Yes |
| severityThreshold | Minimum severity level to report. | Yes |

YAML Pipeline Example

Here is an example of how to use the BeVigilSecurityScan task in your azure-pipelines.yml file.

trigger:
- main   # or master, depending on your repo default branch

pool:
  name: Default   # self-hosted agent pool

variables:
  # bevigilApiKey is set as a secret in the pipeline's Variables UI; do not redeclare it here,
  # because a YAML variable with the same name overrides the UI value.
  appPackageName: 'com.example.myapp'

stages:
- stage: SecurityScan
  displayName: 'Security Scan'
  jobs:
  - job: PwaSecurityScan
    displayName: 'BeVigil APK and PWA Security Scan'
    steps:
    # Step 1: Copy the APK from repo into pipeline workspace
    - script: |
        # Quote the paths so agent directories containing spaces do not break the copy
        mkdir -p "$(Pipeline.Workspace)/android"
        cp "$(Build.SourcesDirectory)/dist/test.apk" "$(Pipeline.Workspace)/android/app-release.apk"
      displayName: 'Copy APK to workspace'

    # Step 2: Run BeVigil Scan on the copied APK
    - task: BeVigilSecurityScan@2 # Use the latest major version
      displayName: 'Scan Android APK'
      inputs:
        apiKey: $(bevigilApiKey)
        appType: 'android'
        appPath: '$(Pipeline.Workspace)/android/app-release.apk'
        packageName: '$(appPackageName)'
        scanTimeout: '30'
        severityThreshold: 'medium'
      condition: succeeded()

    # Step 3: Run BeVigil Scan on PWA
    - task: BeVigilSecurityScan@2 # same major version as the APK step
      displayName: 'Scan PWA'
      inputs:
        apiKey: $(bevigilApiKey)
        appType: 'pwa'
        appPath: '$(Pipeline.Workspace)/dist'   # PWA folder; must already exist at this path
        packageName: '$(appPackageName)'
        scanTimeout: '30'
        severityThreshold: 'medium'
      condition: succeeded()
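
One way to enforce the secret-variable setup in review or CI, as an added example that is not part of the BeVigil extension or the original page: a small linter for azure-pipelines.yml that flags an apiKey input written as a literal instead of a $(...) reference, a YAML variables entry that reuses the secret's name (YAML-defined variables take precedence over those set in the pipeline settings UI), and BeVigilSecurityScan steps pinned to different major versions. The function names, finding labels and sample pipeline are constructed for illustration, and only the mapping form of variables: is handled.

```python
import re

# Constructed sample, not a real repository: a YAML variable that shadows the
# secret, a literal key in a task input, and two different task major versions.
SAMPLE = """\
variables:
  bevigilApiKey: $(bevigilApiKey)
steps:
- task: BeVigilSecurityScan@2
  inputs:
    apiKey: 'constructed-literal-key'
- task: BeVigilSecurityScan@1
  inputs:
    apiKey: $(bevigilApiKey)
"""

MACRO = re.compile(r"^\$\([A-Za-z_][\w.]*\)$")   # e.g. $(bevigilApiKey)
TASK = re.compile(r"-\s*task:\s*BeVigilSecurityScan@(\d+)")

def scalar(line):
    """Value after 'key:', with a trailing comment and quotes removed."""
    raw = re.sub(r"\s+#.*$", "", line.split(":", 1)[1]).strip()
    return raw.strip("'\"")

def lint_pipeline(text, secret_name="bevigilApiKey"):
    """Return (line_number, finding) pairs; line 0 means file-wide."""
    findings, versions, var_indent = [], set(), None
    for no, line in enumerate(text.splitlines(), 1):
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if var_indent is not None and indent <= var_indent:
            var_indent = None                 # left the variables: mapping
        task = TASK.match(body)
        if body == "variables:":
            var_indent = indent
        elif var_indent is not None and body.startswith(secret_name + ":"):
            findings.append((no, "shadowed-secret"))   # YAML value overrides the UI secret
        elif task:
            versions.add(task.group(1))
        elif body.startswith("apiKey:") and not MACRO.match(scalar(body)):
            findings.append((no, "literal-api-key"))   # key committed to the repo
    if len(versions) > 1:
        findings.append((0, "mixed-task-versions"))
    return findings

if __name__ == "__main__":
    for no, finding in lint_pipeline(SAMPLE):
        print(f"line {no}: {finding}")
```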

Viewing Scan Results

After a successful scan, a detailed security report is generated.

  • In the Build Summary: A summary of the findings is displayed on the build's summary page.
  • As a Build Artifact: A link to the full report (e.g., bevigil-report.json), available for 24 hours, is printed in the console log; you can download the report for detailed analysis.

Support

For more information, feature requests, or to report issues, please visit CloudSEK or contact our support team.
