Whether we are developing a mobile application or assessing its security, we need to continuously review it with every new release. Repetitively building the app, uploading the file, and creating a scan quickly becomes an annoyance. Ostorlab is excited to announce the introduction of two new features to ease the burden of testing your app.
Continuous Application Monitoring
Continuous application monitoring lets you find applications on the store by searching for the application name, package name or bundle ID.
Continuous monitoring rules are configured by selecting the target application and setting test credentials or UI automation rules. If you are not familiar with Ostorlab's support for authenticated tests and UI automation, check our guide for more information.
Once a monitoring rule is created, Ostorlab continuously checks the store for new versions and automatically triggers a new scan. Applications with silent updates, using frameworks like React Native, are also covered, as they get scanned at least once a week.
In the future, scans will also be triggered when a new detection capability is introduced or when a new CVE affecting an application dependency is detected.
Continuous monitoring provides insight into how an application is evolving and how often vulnerabilities are introduced and fixed. It also eases the task of tracking an application's attack surface, for bounty hunting for instance.
Jenkins CI/CD integration
In addition to store application monitoring, Ostorlab has also released a new open-source Jenkins plugin to integrate security scanning with your deployment pipeline. Integrating security into your CI/CD is a simple step to adopt security as early as possible in the development process. It gives you a bottom-up approach to security that doesn't require a security expert to intervene to ensure issues are detected and fixed.
The steps to use the plugin are straightforward:
- Generate an API key, one click away in the UI
- Install plugin from Jenkins repo
- Configure Plugin with new API key
- Add plugin to your pipeline
For more detailed steps, check the plugin documentation here.
To take advantage of all these features, ALL FREE, create an account here.