diff --git a/.gitea/workflows/mobsf.yml b/.gitea/workflows/mobsf.yml index 02906ec..c75248d 100644 --- a/.gitea/workflows/mobsf.yml +++ b/.gitea/workflows/mobsf.yml @@ -8,26 +8,31 @@ jobs: - name: Checkout Code uses: https://github.com/actions/checkout@v4 - # We manually install and run mobsfscan in a venv to avoid OS conflicts - name: Run MobSF Scan run: | - # 1. Setup a clean virtual environment + # Setup environment python3 -m venv .mobsf_venv source .mobsf_venv/bin/activate + python3 -m pip install mobsfscan --quiet + + # --------------------------------------------------------- + # ENFORCEMENT STRENGTH (Uncomment only ONE line) + # --------------------------------------------------------- - # 2. Install mobsfscan inside the venv - python3 -m pip install --upgrade pip - python3 -m pip install mobsfscan - - # 3. Create the report placeholder - echo "
No issues.
" > report.html - - # 4. Run the scan on your app directory specifically - # We use || true so the pipeline continues even if it finds bugs + # STRENGTH: LOG ONLY (Always green build, artifact if bugs found) mobsfscan --html --output report.html app/src/main || true + + # STRENGTH: STRICT (Red build if ANY Warning/Error found) + # mobsfscan --html --output report.html app/src/main + + # STRENGTH: CRITICAL ONLY (Red build only on High/Error severity) + # mobsfscan --html --output report.html --error-level ERROR app/src/main + # --------------------------------------------------------- - name: Upload Report to Gitea + # if-no-files-found: ignore ensures NO artifact is created if scan is clean uses: https://gitea.com/actions/upload-artifact@v3 with: name: MobSF-Security-Report - path: report.html \ No newline at end of file + path: report.html + if-no-files-found: ignore \ No newline at end of file
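Review bot: The `|| true` on the LOG ONLY line, now paired with `if-no-files-found: ignore` in the upload step, makes a scanner crash or a wrong `app/src/main` path indistinguishable from a clean scan: the build stays green and no artifact appears, so the pipeline can silently stop scanning. The new `python3 -m pip install mobsfscan --quiet` is also unpinned, so the scanner version (and its rule set) floats between runs; pin it to a known version so results are reproducible and a tampered or changed release does not land unnoticed. Assuming mobsfscan only writes `report.html` when it has findings (which the upload-step comment implies but the hunk cannot confirm), a non-zero exit with no report present is a tool failure and should fail the job; the pinned-action tags (`checkout@v4`, `upload-artifact@v3`) are unchanged context but would benefit from the same SHA-pinning for the same reason. The enclosing `jobs:` block starts before the hunk.
```yaml
          python3 -m pip install "mobsfscan==<PINNED_VERSION>" --quiet
          # … unchanged: enforcement-strength comment block …
          # STRENGTH: LOG ONLY (Always green build, artifact if bugs found)
          mobsfscan --html --output report.html app/src/main || rc=$?
          # Non-zero exit with no report means the scanner itself failed, not that it found issues
          if [ "${rc:-0}" -ne 0 ] && [ ! -f report.html ]; then exit "$rc"; fi
```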