Appshield Scanner Documentation PR #1095
base: develop
✅ Deploy Preview for reverent-galileo-8ef035 ready!
ftmzhrsckldr
left a comment
I was waiting for the test phase to be completed to send this feedback, but I am sharing it now so that there will be no delays.
New feedback may appear during the testing phase.
| @@ -0,0 +1,75 @@ | |||
| --- | |||
| title: Appshield Scanner for Android/iOS | |||
This title should be the same as the component title, and if it is a common component there is no need to specify it.
| title: Appshield Scanner for Android/iOS | |
| title: KOBIL Appshield Scanner |
| @@ -0,0 +1,75 @@ | |||
| --- | |||
| title: Appshield Scanner for Android/iOS | |||
| description: Appshield Scanner performs dynamic runtime scans/analysis and AI supported static (file-based) inspections for mobile app files (APK, AAB, IPA) to detect existing security mechanisms and indicates whether an app is secure or not. | |||
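Review bot: The description's closing claim, "indicates whether an app is secure or not", promises more than a check for existing security mechanisms can establish, since the presence of hardenings does not by itself make an app secure. Consider ending the description with what the scanner reports, for example "and reports which security mechanisms are present", and hyphenate "AI-supported".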
It is recommended that the description should not exceed 150–200 characters. Could you please write it in the most concise form possible?
|
|
||
| # Appshield App Scanner for Android / iOS | ||
|
|
||
| Appshield Scanner starts its analysis by accepting the application file (AAB/APK for Android, IPA for iOS) and starting dynamic runtime tests after initial file and format validations. |
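Review bot: The H1 names the product "Appshield App Scanner" while the paragraph under it calls it "Appshield Scanner"; pick one name and use it in both places so the heading and the body agree. The heading also writes "Android / iOS" with spaces around the slash, whereas the paragraph writes "AAB/APK" without them.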
Verb consistency:
“starts its analysis … and starting” → should be “starts its analysis … and performs”
| # Appshield App Scanner for Android / iOS | ||
|
|
||
| Appshield Scanner starts its analysis by accepting the application file (AAB/APK for Android, IPA for iOS) and starting dynamic runtime tests after initial file and format validations. | ||
| It is important to note that while many scanning solutions use ARM/x86_64 based emulators and sandbox environments, Appshield performs all these dynamic tests in **real/physical Android and/or iOS devices.** |
| It is important to note that while many scanning solutions use ARM/x86_64 based emulators and sandbox environments, Appshield performs all these dynamic tests in **real/physical Android and/or iOS devices.** | |
| It is important to note that while many scanning solutions use ARM/x86_64 based emulators and sandbox environments, Appshield performs all these dynamic tests on **real/physical Android and/or iOS devices.** |
|
|
||
| Appshield Scanner starts its analysis by accepting the application file (AAB/APK for Android, IPA for iOS) and starting dynamic runtime tests after initial file and format validations. | ||
| It is important to note that while many scanning solutions use ARM/x86_64 based emulators and sandbox environments, Appshield performs all these dynamic tests in **real/physical Android and/or iOS devices.** | ||
| At the end of the dynamic test session, Appshield indicates which security measures/hardenings are present and implemented in the app. If some testcases were failed due to unforeseen errors or cannot be tested various bypass mechanisms |
- Word form: “testcases” → should be “test cases”
- Verb form: “were failed” → should be “fail” (fail is an intransitive verb)
- Missing conjunction: “cannot be tested various bypass mechanisms” → should be “cannot be tested because of various bypass mechanisms”
|
|
||
| **Security measures/hardenings Appshield Scanner checks for in an application includes (but not limited to)**: | ||
|
|
||
| * **Root/Jailbreak Detection**: Detects whether the device has been rooted or jailbroken, which increases the risk of unauthorized system access and tampering. |
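Review bot: In the bold lead-in line, "Security measures/hardenings ... includes (but not limited to)" pairs a plural subject with a singular verb and leaves the parenthetical incomplete; suggest "include (but are not limited to)". The Root/Jailbreak Detection item also describes what the hardening does on a device, although the list is introduced as things the scanner checks for in an application, so wording it as a check for the presence of that detection would match the lead-in.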
Honestly, this is a technical document, so we find it more appropriate to include detailed benefits sections in blog-style articles instead. However, if you think keeping it here is technically necessary, it can stay.
No, I can remove it from here. In fact, maybe it'll be a better idea to include them in the FAQ section by just mentioning hardenings there by name only.
|
|
||
| Before running the **Appshield Scanner** step, you must complete certain prerequisites, as detailed in the table below: | ||
|
|
||
| | Prerequisite Workflow Step | Description | |
Could you please add the same Prerequisites step for the iOS side?
Like this doc: https://docs.appcircle.io/workflows/common-workflow-steps/data-theorem-mobile-secure
| --- | ||
|
|
||
| import Screenshot from '@site/src/components/Screenshot'; | ||
|
|
There is a ready-to-use component for Sensitive vars. Please update it as follows:
| import SensitiveVariablesDanger from '@site/docs/\_sensitive-variables-danger.mdx'; | |
| :::danger Sensitive Variables | ||
|
|
||
| Please do not use sensitive variables such as **Username**, **Password**, **API Key**, or **Personal Access Key** directly within the step. | ||
|
|
||
| We recommend using [**Environment Variables**](/build/build-environment-variables) groups for such sensitive variables. | ||
|
|
||
| ::: |
There is a ready-to-use component for that. Please update it as follows:
| :::danger Sensitive Variables | |
| Please do not use sensitive variables such as **Username**, **Password**, **API Key**, or **Personal Access Key** directly within the step. | |
| We recommend using [**Environment Variables**](/build/build-environment-variables) groups for such sensitive variables. | |
| ::: | |
| <SensitiveVariablesDanger /> | |
| ::: |
docs/tags.yml
Outdated
| permalink: /snyk-scan | ||
|
|
||
| "scan": | ||
| label: "sscan" |
| label: "sscan" | |
| label: "scan" |
I've made the following changes for Appshield Scanner Documentation: