# Jenkins Integration
# Overview
Jenkins, a versatile open-source automation server, can be effectively paired with the AppSealing CLI tool for enhanced security automation. Follow our step-by-step guide for straightforward installation and integration using the configuration file. Additionally, explore advanced integration options through Jenkins Parameter settings for tailored security measures.
# AppSealing Jenkins parameter settings
| Parameters | Definition | Type | Settings Value |
|---|---|---|---|
| AS_JAR_PATH <Required> | sealing.jar file path | String | ex) /opt/appsealing/sealing.jar |
| AS_URL <Required> | Sealing API URL | String | https://api.appsealing.com/covault/gw |
| AS_AUTH_KEY <Required> | Authentication key | String | ( Provided separately ) |
| AS_SRC_APK <Required> | original APK/AAB file path | String | ex)./source/application.apk |
| AS_SEALED_APK <Required> | Path to save the Sealed APK/AAB file | String | ex)./source/application_sealed.apk |
| AS_APP_TYPE | Sealing security service - GAME : Game security service - NON_GAME : Non-game security service | String | Default : GAME |
| AS_SERVICE_VERSION | Sealing service version number | String | Ex) 2.31.0.0 Default: latest |
| AS_DEPLOY_MODE <Required> | ** Deploy mode ** # - test : AppSealing watermark displayed # - release : No AppSealing watermark_ | Choice | {test / release} Default : test |
| AS_DEX_ENCRYPT | DEX encryption option -no : DEX encryption not applied -yes : apply DEX encryption | Choice | { no / yes } Default : no |
| AS_SELECTIVE_DEX_ENCRYPT | Selective Dex Encryption Option (This option is Recognized only when the DEX encryption is applied.) - no: encryption for whole dex files - yes: encryption for some classes and packages | Choice | {no / yes} Default : no |
| AS_BLOCK_ENVIRONMENT | Emulator and root environment option - emulator : Blocks app running on emulator - rooting : Blocks app running on rooted device - Supported emulator : BlueStacks, Nox, LDPlayer | Extended choice | { emulator, rooting} Default : not selected |
| AS_ALLOW_EMULATOR | Allow exceptional emulator when all emulator is blocked - LDPlayer : Allow LDPlayer - BlueStacks : Allow Bluestacks - Nox : Allow Nox app player - Other emulators will be supported in future | Extended choice | { BlueStacks, Nox, LDPlayer } Default : not selected |
| AS_BLOCK_WORK_PROFILE | Work profile option(Block app execution from work profile environment such as Samsung Secure folder) - yes : Block app execution - no : Allow app execution | Choice | {yes / no} Default : yes |
| AS_ALLOW_WORK_PROFILES | Allow exceptional work profiles when all work profiels are blocked. - Samsung SecureFolder | Extended Choice | {Samsung SecureFolder} Default: not selected. |
| AS_BLOCK_KEYLOGGER | Key logger block option - yes :Block app running with key logging tool - no : Allow app running with key logging tool | Choice | {yes / no} Default : no |
| AS_HIDE_OVERLAY_WINDOWS | Hide screen overlay option. This option will work from Android 12 device. - yes :Hide overlay windows on sealed app - no : Allow overlay windows on sealed app | Choice | {yes / no} Default : no |
| AS_ALLOW_EXTERNAL_TOOL | Macro and network tool option - macro : Allow macro tools - sniff : Allow packet sniffing and spoofing tools | Extended Choice | {macro, sniff} Default: not selected. |
| AS_SERVICE_TYPE | AppSealing service type options - HYBRID_AOS : Hybrid AppSealing. React Native, Ionic, Cordova Framework should use this option. - NATIVE_AOS :Native AppSealing.If your app is not the HYBRID_AOS type, currently this option is not required. | Choice | { HYBRID_AOS / NATIVE_AOS } Default : NATIVE_AOS |
| AS_FRAMEWORK | Your App's framework - Hybrid Frameworks should explicitly use this option - REACT_NATIVE: Use this when you are uploading React Native app. - IONIC: Use this when you are uploading Ionic app. - CORDOVA: Use this when you are uploading Cordova app.** | Choice | **{REACT_NATIVE / IONIC / CORDOVA} Default : not selected |
| AS_APP_SIGNING | Automatic app signing option after sealing App-signing can be applied along with sealing. - none : Only sealing is applied without additional app signing. - appsealing_key : After sealing, it is signed with the appsealing`s signing key for test purpose. In case of AAB package, this option applies as 'none' value and the app is unsigned. - registered_key : After sealing, it is signed with the app signing key registered on AppSealign console with your account. | Choice | {none / appsealing_key / registered_key } Default : none |
* Provided separately and only the provided value must be used
** Must select only one value
*** Multiple values can be selected by using delimiter with ',' (comma). Default value is None(Empty String)
[Required] Parameter must be configured and Default value is not configured
# Examples of parameter type settings
Figure 2‑1 String type parameter setting
Figure 2‑2 Option type parameter setting
Figure 2‑3 Extended option type setting
# Execution Script Configuration
# Linux & Mac
java -jar ${AS_JAR_PATH} -url ${AS_URL} -authkey ${AS_AUTH_KEY} -srcapk ${AS_SRC_APK} -sealedapk ${AS_SEALED_APK}
-deploymode ${AS_DEPLOY_MODE} -block_environment ${AS_BLOCK_ENVIRONMENT} -allow_emulator ${AS_ALLOW_EMULATOR} -allow_external_tool ${AS_ALLOW_EXTERNAL_TOOL} -dex_encrypt ${AS_DEX_ENCRYPT}
-select_dex_encrypt #{AS_SELECTIVE_DEX_ENCRYPT} -service_version ${AS_SERVICE_VERSION} -app_type ${AS_APP_TYPE} -allow_external_tool ${AS_ALLOW_EXTERNAL_TOOL} -block_work_profile=${AS_BLOCK_WORK_PROFILE} -allow_work_profiles=${AS_ALLOW_WORK_PROFILES} -block_keylogger=${AS_BLOCK_KEYLOGGER} -service_type ${AS_SERVICE_TYPE} -framework ${AS_FRAMEWORK} –app_signing ${AS_APP_SIGNING}
Figure 3‑4 Linux & Mac shell script example
# Windows
java -jar %AS_JAR_PATH% -url %AS_URL% -authkey %AS_AUTH_KEY% -srcapk %AS_SRC_APK% -sealedapk %AS_SEALED_APK% -deploymode %AS_DEPLOY_MODE% -block_environment %AS_BLOCK_ENVIRONMENT% -allow_emulator %AS_ALLOW_EMULATOR% -allow_external_tool %AS_ALLOW_EXTERNAL_TOOL% -dex_encrypt %AS_DEX_ENCRYPT% -select_dex_encrypt %AS_SELECTIVE_DEX_ENCRYPT% -service_version %AS_SERVICE_VERSION% -app_type %AS_APP_TYPE% -allow_external_tool %AS_ALLOW_EXTERNAL_TOOL% -block_work_profile %AS_BLOCK_WORK_PROFILE% -allow_work_profiles=%AS_ALLOW_WORK_PROFILES% -block_keylogger=%AS_BLOCK_KEYLOGGER% -service_type %AS_SERVICE_TYPE% -framework %AS_FRAMEWORK% -app_signing %AS_APP_SIGNING%E% -framework %AS\_FRAMEWORK% -app\_signing %AS\_APP\_SIGNING%
Figure 3‑5 Windows batch command script example
# Example of configured screen
Figure 3‑6 Jenkins Build example