CI/CD Integration

    Automate mobile security scanning in your CI/CD pipeline. Catch vulnerabilities before they reach production.

    Supported Platforms

    Easy setup for popular CI/CD platforms

    GitHub Actions

    Automate PTKD scans in your GitHub workflows

    name: PTKD Security Scan
    on:
      pull_request:
        branches: [ main ]
      push:
        branches: [ main ]
    
    jobs:
      security-scan:
        runs-on: ubuntu-latest
        steps:
        - uses: actions/checkout@v3
        
        - name: Build APK
          run: ./gradlew assembleRelease
          
        - name: PTKD Security Scan
          uses: ptkd/github-action@v1
          with:
            api-key: ${{ secrets.PTKD_API_KEY }}
            app-path: app/build/outputs/apk/release/app-release.apk
            fail-on-high: true
            
        - name: Upload Results
          uses: actions/upload-artifact@v3
          with:
            name: ptkd-report
            path: ptkd-report.json

    GitLab CI

    Integrate PTKD into your GitLab CI/CD pipelines

    stages:
      - build
      - security-scan
      - deploy
    
    variables:
      PTKD_API_URL: "https://api.ptkd.dev"
    
    build:
      stage: build
      script:
        - ./gradlew assembleRelease
      artifacts:
        paths:
          - app/build/outputs/apk/release/
        expire_in: 1 hour
    
    ptkd-scan:
      stage: security-scan
      image: ptkd/cli:latest
      script:
        - ptkd scan app/build/outputs/apk/release/app-release.apk
        - ptkd report --format json > ptkd-report.json
      artifacts:
        reports:
          junit: ptkd-report.json
        paths:
          - ptkd-report.json
      variables:
        PTKD_API_KEY: $PTKD_API_KEY

    Jenkins

    Add PTKD scanning to your Jenkins build pipeline

    pipeline {
        agent any
        
        environment {
            PTKD_API_KEY = credentials('ptkd-api-key')
        }
        
        stages {
            stage('Build') {
                steps {
                    sh './gradlew assembleRelease'
                }
            }
            
            stage('Security Scan') {
                steps {
                    script {
                        def scanResult = sh(
                            script: 'ptkd scan app/build/outputs/apk/release/app-release.apk --json',
                            returnStdout: true
                        ).trim()
                        
                        writeFile file: 'ptkd-report.json', text: scanResult
                        
                        // Parse results and fail if high severity issues found
                        def report = readJSON file: 'ptkd-report.json'
                        if (report.high_severity_count > 0) {
                            error "High severity security issues found!"
                        }
                    }
                }
                post {
                    always {
                        archiveArtifacts artifacts: 'ptkd-report.json'
                        publishHTML([
                            allowMissing: false,
                            alwaysLinkToLastBuild: true,
                            keepAll: true,
                            reportDir: '.',
                            reportFiles: 'ptkd-report.html',
                            reportName: 'PTKD Security Report'
                        ])
                    }
                }
            }
        }
    }

    Best Practices

    Optimize your CI/CD security workflow

    Fail Fast on Critical Issues

    Configure your pipeline to fail when high-severity vulnerabilities are detected

    Scan on Every Pull Request

    Run security scans on all pull requests to catch issues early

    Cache Build Artifacts

    Cache your app builds to speed up the CI/CD process

    Store Reports as Artifacts

    Archive security reports for historical tracking and compliance

    Environment Configuration

    Configure these environment variables in your CI/CD platform to enable PTKD scanning.

    Required Variables

    • PTKD_API_KEY - Your PTKD API key
    • PTKD_API_URL - API endpoint (optional)

    Optional Variables

    • PTKD_WEBHOOK_URL - Webhook for notifications
    • PTKD_FAIL_ON_HIGH - Fail on high severity (true/false)

    CLI Installation

    Install via npm:

    npm install -g @ptkd/cli

    Or use Docker:

    docker run ptkd/cli:latest scan app.apk

    Basic usage:

    ptkd scan your-app.apk --json

    Need Help Setting Up?

    Our team can help you integrate PTKD into your specific CI/CD setup.