-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstep.yml
138 lines (125 loc) · 5.21 KB
/
step.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
#
# A couple of useful guides & docs:
#
# - Main Bitrise CLI docs: https://github.com/bitrise-io/bitrise/tree/master/_docs
# - Step Development Guideline: https://github.com/bitrise-io/bitrise/blob/master/_docs/step-development-guideline.md
# - Bitrise.yml format spec: https://github.com/bitrise-io/bitrise/blob/master/_docs/bitrise-yml-format-spec.md
# - Bitrise docs: http://devcenter.bitrise.io/
# - Bitrise CLI guides: http://devcenter.bitrise.io/bitrise-cli/
title: |-
zScan Upload Plugin
summary: |
Bitrise plugin to upload to Zimperium zScan
description: |
This plugin can be used to upload mobile applications to Zimperium (zScan) to be scanned for vulnerabilities. Using a plugin simplifies integrating mobile application security testing into CI/CD process and enables detection and remediation of vulnerabilities earlier in the application SDLC.
website: https://github.com/Zimperium/zscan-plugin-bitrise
source_code_url: https://github.com/Zimperium/zscan-plugin-bitrise
support_url: https://github.com/Zimperium/zscan-plugin-bitrise/issues
# If this step should be available only for certain project types
# just uncomment this `project_type_tags` section and include all the
# project types supported by the step. If the step can be used for all
# project types then you can just remove this section.
# If no `project_type_tags` specified (or specified as an empty array)
# that means the step can be used for any project type.
# You can find more information about project type tags in the Step Development Guideline:
# https://github.com/bitrise-io/bitrise/blob/master/_docs/step-development-guideline.md
#
# project_type_tags:
# - ios
# - macos
# - android
# - xamarin
# - react-native
# - cordova
# - ionic
# - flutter
# Type tags are used for categorizing steps, for easier step discovery in Step Libraries.
# You can find more information about type tags in the Step Development Guideline:
# https://github.com/bitrise-io/bitrise/blob/master/_docs/step-development-guideline.md
type_tags:
- test
# These properties define whether a Step is run in a given Workflow or not.
# You can find more information about this in the documentation here:
# https://devcenter.bitrise.io/en/steps-and-workflows/developing-your-own-bitrise-step/developing-a-new-step.html#setting-conditions-for-running-the-step
#
# is_always_run: false
is_skippable: true
# run_if: ""
# Use the `deps` property to declare dependencies that you can fetch from an OS dependency manager.
# You can find more information about this in the documentation here:
# https://devcenter.bitrise.io/en/steps-and-workflows/developing-your-own-bitrise-step/developing-a-new-step.html#submodules-and-step-dependencies
#
deps:
brew:
- name: jq
- name: curl
apt_get:
- name: jq
- name: curl
toolkit:
bash:
entry_file: step.sh
inputs:
- endpoint: https://ziap.zimperium.com
opts:
title: "Endpoint"
summary: Zimperium Console base URL.
description: |
This is the base URL of your Zimperium console, e.g., `https://ziap.zimperium.com`.
See [Documentation](https://github.com/Zimperium/zscan-plugin-bitrise) for more detail.
is_expand: true
is_required: true
- client_id:
opts:
title: "Client ID"
summary: Client ID part of the API Key.
description: |
Client ID part of the API Key created through the Authorization tab of your console.
is_expand: true
is_required: true
- client_secret:
opts:
title: "Client Secret"
summary: Client Secret part of the API Key.
description: |
Client Secret part of the API Key created through the Authorization tab of your console. This input is marked as 'sensitive'.
As such, only [Secrets](https://devcenter.bitrise.io/bitrise-cli/secrets/) are accepted as values.
is_expand: true
is_sensitive: true
is_required: true
- file_path:
opts:
title: "File Path"
summary: The path to the binary
description: |
The path to the binary to be uploaded for analysis. This must point to a valid mobile application, e.g., .ipa or .apk file.
is_expand: true
is_required: true
- report_format: "json"
opts:
title: "Report Format"
summary: Format for the assessment report.
description: |
Specifies the format for the assessment report. For more information on SARIF,
please see [OASIS Open](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html).
is_expand: true
is_required: false
value_options:
- "json"
- "sarif"
- team_name: Default
opts:
title: "Team Name"
summary: Team that the application should be assigned to.
description: |
If the application is uploaded for the first time, it will be assigned to the specified team. This setting
has no effect if the application is already assigned to a team. To change team assignment, please use the Console.
is_expand: true
is_required: false
outputs:
- ZSCAN_REPORT_PATH:
opts:
title: "Path to the assessment report"
summary: Local path to the downloaded assessment report.
description: |
Assessment report will be provided in the specified format.