MobSF Scan

This scanner component runs the popular open source SAST for mobile applications MobSF Scan.

How to use with Smithy

Open-Source

Add the component to the workflow

# file: ./my-workflow/workflow.yaml
description: Nancy based workflow
name: nancy
components:
  - component: ghcr.io/smithy-security/smithy/images/components/targets/git-clone:v1.3.2
  - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/mobsfscan:v1.1.1
  - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.1
  - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.1

Configure the run parameters of the component in the overrides file

# file: ./my-workflow/overrides.yaml
git-clone:
  - name: "repo_url"
    type: "string"
    value: "https://github.com/0c34/govwa.git"
  - name: "reference"
    type: "string"
    value: "master"

SaaS

In the Smithy UI, open the page to create a new workflow.
Add a git-clone target and configure it to point to a repository with the source code for a mobile application.
Find MobSF in the Scanners dropdown. Click to add it to the workflow.
Run the workflow as normal.

Options

This component does not accept options.

How to use with Smithy​

Open-Source​

SaaS​

Options​

How to use with Smithy

Open-Source

SaaS

Options