Mobile Secure

Data Theorem's Mobile Secure will scan each pre-production release automatically (up to 7000 releases/day) for security & privacy issues using static, dynamic, and behavioral analysis for both iOS and Android applications.

https://www.datatheorem.com/products/mobile-secure

A valid Data Theorem Upload API key is required.

Install the extension

Go to Data Theorem Mobile Secure's page on the Azure DevOps marketplace: https://marketplace.visualstudio.com/items?itemName=datatheorem.datatheorem-mobile-secure

Install the extension in your Azure DevOps organization by clicking on "Get it free"

Add Data Theorem Mobile Secure to an Azure pipeline

Go to your azure-pipeline.yml file and select the Data Theorem Mobile Secure extension.

Retrieve your Upload API key from the Data Theorem portal at the link below: https://www.securetheorem.com/devsecops/v2/scancicd. Click on "Variables" and create a new variable to hold your API key as a secret.

Add the path to the compiled mobile application binary to upload, plus any optional variables.

Once the inputs have been added, click on "Add", and the Data Theorem Mobile Secure task will be added to your azure-pipeline.yml file.

Optional Parameters

You can optionally provide username and password to be used with dynamic (DAST) testing. Optional parameters (including username and password) are described in more details in the API documentation. We strongly recommend using Azure DevOps Variables to protect the dynamic testing credentials.

At this time, release type, comments, release id, external id, platform variant, and Android mapping file parameters are supported, in addition to username/password. When optional parameters are specified, they override previosly provided values. If optional parameters are omitted, previously provided value are used for username/password, and other parameters are set to blank/unused. For example, a build for which comments are not provided will show no comments.

If multiple files match the provided pattern, the same set of optional values will be sent with each file.

Note: Android mapping file parameter is ignored if multiple files match the provided pattern. If you need to supply a mapping file, please make sure to provide a single, fully-qualified filename of the binary to be uploaded.