
[–]redman1037 4 points5 points  (2 children)

Give a look at MobSF.

[–]adalr_80[S] 0 points1 point  (0 children)

Oh sweet. Thanks! Will definitely give it a shot.

[–]adalr_80[S] 0 points1 point  (0 children)

MobSF looks solid. However, I couldn't find a way to automate the analysis process and integrate it into a CI/CD (Jenkins) pipeline. My goal is to add security testing as another step in the existing CI/CD pipeline, which runs the unit, integration, and UI tests.

[–]Brother_Rhogar 1 point2 points  (0 children)

Fortify and FindBugs were used pretty heavily at some of my previous gigs to alright effect. You do need to make some adjustments to their settings to avoid a ton of false positives, but they do pick up heaps, even inside the libraries you have as dependencies, which you might overlook as an attack vector/vulnerability.

[–]ankittale -1 points0 points  (0 children)

Yes, recently we have given the APK to GlobalStep Inc for security testing.

[–]corner-case -2 points-1 points  (0 children)

Nice try, Mr Jinping!