
Two efficient features to continuously monitor mobile applications

Whether we are developing a mobile application or assessing its security, we need to continuously review it with every new release. Repetitively building the app, uploading the file, and creating a scan quickly becomes an annoyance. Ostorlab is excited to announce the introduction of two new features to ease the burden of testing your app.

Sat 24 October 2020


Continuous Application Monitoring

Continuous application monitoring discovers applications on the store by application name, package name or bundle ID.

Figure: Create Monitoring Rule

Continuous monitoring rules are configured by selecting the target application and setting test credentials or UI automation rules. If you are not familiar with Ostorlab's support for authenticated tests and UI automation, check our guide for more information.

Figure: Credentials Setting

Once a monitoring rule is created, Ostorlab continuously checks the store for new versions and automatically triggers a new scan. Applications with silent updates, using frameworks like React Native, are also covered as they get scanned at least once a week.

In the future, scans will also be triggered when a new detection capability is introduced or when a new CVE affecting an application dependency is detected.

Figure: Dependency detection

Figure: CVE of libjpeg

Continuous monitoring provides insight into how an application is evolving and how often vulnerabilities are introduced and fixed. It also eases the task of tracking an application's attack surface, for bounty hunting for instance.

Figure: Application Monitoring

Figure: Application Monitoring Trends

Jenkins CI/CD integration

In addition to store application monitoring, Ostorlab has also released a new open-source Jenkins plugin to integrate security scanning with your deployment pipeline. Integrating security into your CI/CD is a simple step to adopt security as early as possible in the development process. It gives you a bottom-up approach to security that doesn't require a security expert to intervene to ensure issues are detected and fixed.

The steps to use the plugin are straightforward:

  • Generate an API key, one click away in the UI

Figure: API Key

  • Install the plugin from the Jenkins repo

Figure: Jenkins Step 1

  • Configure the plugin with the new API key

Figure: Jenkins Step 3

  • Add the plugin to your pipeline

Figure: Jenkins Step 8

For more detailed steps, check the plugin documentation here.

To take advantage of all these features, ALL FREE, create an account here.
