CI/CD Integration
Automate mobile security scanning in your CI/CD pipeline. Catch vulnerabilities before they reach production.
Supported Platforms
Easy setup for popular CI/CD platforms
GitHub Actions
Automate PTKD scans in your GitHub workflows
name: PTKD Security Scan
on:
pull_request:
branches: [ main ]
push:
branches: [ main ]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build APK
run: ./gradlew assembleRelease
- name: PTKD Security Scan
uses: ptkd/github-action@v1
with:
api-key: ${{ secrets.PTKD_API_KEY }}
app-path: app/build/outputs/apk/release/app-release.apk
fail-on-high: true
- name: Upload Results
uses: actions/upload-artifact@v3
with:
name: ptkd-report
path: ptkd-report.jsonGitLab CI
Integrate PTKD into your GitLab CI/CD pipelines
stages:
- build
- security-scan
- deploy
variables:
PTKD_API_URL: "https://api.ptkd.dev"
build:
stage: build
script:
- ./gradlew assembleRelease
artifacts:
paths:
- app/build/outputs/apk/release/
expire_in: 1 hour
ptkd-scan:
stage: security-scan
image: ptkd/cli:latest
script:
- ptkd scan app/build/outputs/apk/release/app-release.apk
- ptkd report --format json > ptkd-report.json
artifacts:
reports:
junit: ptkd-report.json
paths:
- ptkd-report.json
variables:
PTKD_API_KEY: $PTKD_API_KEYJenkins
Add PTKD scanning to your Jenkins build pipeline
pipeline {
agent any
environment {
PTKD_API_KEY = credentials('ptkd-api-key')
}
stages {
stage('Build') {
steps {
sh './gradlew assembleRelease'
}
}
stage('Security Scan') {
steps {
script {
def scanResult = sh(
script: 'ptkd scan app/build/outputs/apk/release/app-release.apk --json',
returnStdout: true
).trim()
writeFile file: 'ptkd-report.json', text: scanResult
// Parse results and fail if high severity issues found
def report = readJSON file: 'ptkd-report.json'
if (report.high_severity_count > 0) {
error "High severity security issues found!"
}
}
}
post {
always {
archiveArtifacts artifacts: 'ptkd-report.json'
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: '.',
reportFiles: 'ptkd-report.html',
reportName: 'PTKD Security Report'
])
}
}
}
}
}Best Practices
Optimize your CI/CD security workflow
Fail Fast on Critical Issues
Configure your pipeline to fail when high-severity vulnerabilities are detected
Scan on Every Pull Request
Run security scans on all pull requests to catch issues early
Cache Build Artifacts
Cache your app builds to speed up the CI/CD process
Store Reports as Artifacts
Archive security reports for historical tracking and compliance
Environment Configuration
Configure these environment variables in your CI/CD platform to enable PTKD scanning.
Required Variables
PTKD_API_KEY- Your PTKD API keyPTKD_API_URL- API endpoint (optional)
Optional Variables
PTKD_WEBHOOK_URL- Webhook for notificationsPTKD_FAIL_ON_HIGH- Fail on high severity (true/false)
CLI Installation
Install via npm:
npm install -g @ptkd/cliOr use Docker:
docker run ptkd/cli:latest scan app.apkBasic usage:
ptkd scan your-app.apk --jsonNeed Help Setting Up?
Our team can help you integrate PTKD into your specific CI/CD setup.