Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: payatu/diva-android
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: MobSF/diva-android
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Able to merge. These branches can be automatically merged.
  • 7 commits
  • 3 files changed
  • 1 contributor

Commits on Apr 9, 2020

  1. mobsf workflow v1

    @ajinabraham
    ajinabraham authored Apr 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e4c19b8 View commit details

  2. Update main.yml

    @ajinabraham
    ajinabraham authored Apr 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    bd4725a View commit details

  3. Update main.yml

    @ajinabraham
    ajinabraham authored Apr 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    6a30d5d View commit details

  4. Update main.yml

    @ajinabraham
    ajinabraham authored Apr 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    ebd9fc8 View commit details

Commits on May 17, 2021

  1. Create mobsfscan_sarif.yaml

    @ajinabraham
    ajinabraham authored May 17, 2021

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    ead31e4 View commit details

Commits on Feb 9, 2023

  1. Update mobsfscan_sarif.yaml

    @ajinabraham
    ajinabraham authored Feb 9, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    bea14ae View commit details

Commits on Mar 23, 2023

  1. Create boost.yaml

    @ajinabraham
    ajinabraham authored Mar 23, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    c569182 View commit details
Showing with 88 additions and 0 deletions.
  1. +26 −0 .github/workflows/boost.yaml
  2. +40 −0 .github/workflows/main.yml
  3. +22 −0 .github/workflows/mobsfscan_sarif.yaml
26 changes: 26 additions & 0 deletions .github/workflows/boost.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Boost mobsfscan
on:
workflow_dispatch:
push:
branches:
- main
- master
pull_request:
branches:
- main
- master
types:
- opened
- synchronize
jobs:
scanner:
name: mobsfscan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Mobfsscanner
uses: boostsecurityio/boostsec-scanner-github@v4
with:
api_token: ${{ secrets.BOOST_API_TOKEN }}
registry_module: opensecurity/mobsfscan
40 changes: 40 additions & 0 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
# This is a basic workflow to help you get started with Actions

name: MobSF CI

# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the master branch
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]

env:
MOBSF_IMG:
opensecurity/mobile-security-framework-mobsf:latest
MOBSF_API_KEY:
d41d8cd98f00b204e9800998ecf8427e859ea234


# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@master

# Pull MobSF Docker Image
- name: Pull MobSF Docker Image
run: docker pull ${MOBSF_IMG}

# Scan Source Code
- name: Run MobSF Scan
run: |
zip -r mobsf_files.zip .
docker run -d -e MOBSF_API_KEY=${MOBSF_API_KEY} -t ${MOBSF_IMG} && curl -F 'file=@mobsf_files.zip' http://localhost:8000/api/v1/upload -H "Authorization:${MOBSF_API_KEY}"
22 changes: 22 additions & 0 deletions .github/workflows/mobsfscan_sarif.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: mobsfscan sarif
on:
push:
branches: [ master, main ]
pull_request:
branches: [ master, main ]

jobs:
mobsfscan:
runs-on: ubuntu-latest
name: mobsfscan code scanning
steps:
- name: Checkout the code
uses: actions/checkout@v2
- name: mobsfscan
uses: MobSF/mobsfscan@main
with:
args: '. --sarif --output result.sarif || true'
- name: Upload mobsfscan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: result.sarif