# Jenkins Integration

# Overview

Jenkins, a versatile open-source automation server, can be effectively paired with the AppSealing CLI tool for enhanced security automation. Follow our step-by-step guide for straightforward installation and integration using the configuration file. Additionally, explore advanced integration options through Jenkins Parameter settings for tailored security measures.

# AppSealing Jenkins parameter settings

Parameters Definition Type Settings Value
AS_JAR_PATH <Required> sealing.jar file path String ex) /opt/appsealing/sealing.jar
AS_URL <Required> Sealing API URL String https://api.appsealing.com/covault/gw
AS_AUTH_KEY <Required> Authentication key String ( Provided separately )
AS_SRC_APK <Required> original APK/AAB file path String ex)./source/application.apk
AS_SEALED_APK <Required> Path to save the Sealed APK/AAB file String ex)./source/application_sealed.apk
AS_APP_TYPE Sealing security service
- GAME : Game security service
- NON_GAME : Non-game security service
String Default : GAME
AS_SERVICE_VERSION Sealing service version number String Ex) 2.31.0.0
Default: latest
AS_DEPLOY_MODE <Required> ** Deploy mode **
# - test : AppSealing watermark displayed
# - release : No AppSealing watermark_
Choice {test / release}
Default : test
AS_DEX_ENCRYPT DEX encryption option
-no : DEX encryption not applied
-yes : apply DEX encryption
Choice { no / yes }
Default : no
AS_SELECTIVE_DEX_ENCRYPT Selective Dex Encryption Option
(This option is Recognized only when the DEX encryption is applied.)
- no: encryption for whole dex files
- yes: encryption for some classes and packages
Choice {no / yes}
Default : no
AS_BLOCK_ENVIRONMENT Emulator and root environment option
- emulator : Blocks app running on emulator
- rooting : Blocks app running on rooted device
- Supported emulator : BlueStacks, Nox, LDPlayer
Extended choice { emulator, rooting}
Default : not selected
AS_ALLOW_EMULATOR Allow exceptional emulator when all emulator is blocked
- LDPlayer : Allow LDPlayer
- BlueStacks : Allow Bluestacks
- Nox : Allow Nox app player
- Other emulators will be supported in future
Extended choice { BlueStacks, Nox, LDPlayer }
Default : not selected
AS_BLOCK_WORK_PROFILE Work profile option(Block app execution from work profile environment such as Samsung Secure folder)
- yes : Block app execution
- no : Allow app execution
Choice {yes / no}
Default : yes
AS_ALLOW_WORK_PROFILES Allow exceptional work profiles when all work profiels are blocked.
- Samsung SecureFolder
Extended Choice {Samsung SecureFolder}
Default: not selected.
AS_BLOCK_KEYLOGGER Key logger block option
- yes :Block app running with key logging tool
- no : Allow app running with key logging tool
Choice {yes / no}
Default : no
AS_HIDE_OVERLAY_WINDOWS Hide screen overlay option. This option will work from Android 12 device.
- yes :Hide overlay windows on sealed app
- no : Allow overlay windows on sealed app
Choice {yes / no}
Default : no
AS_ALLOW_EXTERNAL_TOOL Macro and network tool option
- macro : Allow macro tools
- sniff : Allow packet sniffing and spoofing tools
Extended Choice {macro, sniff}
Default: not selected.
AS_SERVICE_TYPE AppSealing service type options
- HYBRID_AOS : Hybrid AppSealing. React Native, Ionic, Cordova Framework should use this option.
- NATIVE_AOS :Native AppSealing.If your app is not the HYBRID_AOS type, currently this option is not required.
Choice { HYBRID_AOS / NATIVE_AOS }
Default : NATIVE_AOS
AS_FRAMEWORK Your App's framework
- Hybrid Frameworks should explicitly use this option
- REACT_NATIVE: Use this when you are uploading React Native app.
- IONIC: Use this when you are uploading Ionic app.
- CORDOVA: Use this when you are uploading Cordova app.**
Choice **{REACT_NATIVE / IONIC / CORDOVA}
Default : not selected
AS_APP_SIGNING Automatic app signing option after sealing
App-signing can be applied along with sealing.
- none : Only sealing is applied without additional app signing.
- appsealing_key : After sealing, it is signed with the appsealing`s signing key for test purpose. In case of AAB package, this option applies as 'none' value and the app is unsigned.
- registered_key : After sealing, it is signed with the app signing key registered on AppSealign console with your account.
Choice {none / appsealing_key / registered_key }
Default : none

* Provided separately and only the provided value must be used

** Must select only one value

*** Multiple values can be selected by using delimiter with ',' (comma). Default value is None(Empty String)

[Required] Parameter must be configured and Default value is not configured

# Examples of parameter type settings

Figure 2‑1 String type parameter setting

Figure 2‑2 Option type parameter setting

Figure 2‑3 Extended option type setting

# Execution Script Configuration

# Linux & Mac

java -jar ${AS_JAR_PATH} -url ${AS_URL} -authkey ${AS_AUTH_KEY} -srcapk ${AS_SRC_APK} -sealedapk ${AS_SEALED_APK} 
-deploymode ${AS_DEPLOY_MODE} -block_environment ${AS_BLOCK_ENVIRONMENT} -allow_emulator ${AS_ALLOW_EMULATOR} -allow_external_tool ${AS_ALLOW_EXTERNAL_TOOL} -dex_encrypt ${AS_DEX_ENCRYPT} 
-select_dex_encrypt #{AS_SELECTIVE_DEX_ENCRYPT} -service_version ${AS_SERVICE_VERSION} -app_type ${AS_APP_TYPE} -allow_external_tool ${AS_ALLOW_EXTERNAL_TOOL} -block_work_profile=${AS_BLOCK_WORK_PROFILE} -allow_work_profiles=${AS_ALLOW_WORK_PROFILES} -block_keylogger=${AS_BLOCK_KEYLOGGER} -service_type ${AS_SERVICE_TYPE} -framework ${AS_FRAMEWORK} –app_signing ${AS_APP_SIGNING}

Figure 3‑4 Linux & Mac shell script example

# Windows

java -jar %AS_JAR_PATH% -url %AS_URL% -authkey %AS_AUTH_KEY% -srcapk %AS_SRC_APK% -sealedapk %AS_SEALED_APK% -deploymode %AS_DEPLOY_MODE% -block_environment %AS_BLOCK_ENVIRONMENT% -allow_emulator %AS_ALLOW_EMULATOR% -allow_external_tool %AS_ALLOW_EXTERNAL_TOOL% -dex_encrypt %AS_DEX_ENCRYPT% -select_dex_encrypt %AS_SELECTIVE_DEX_ENCRYPT% -service_version %AS_SERVICE_VERSION% -app_type %AS_APP_TYPE% -allow_external_tool %AS_ALLOW_EXTERNAL_TOOL% -block_work_profile %AS_BLOCK_WORK_PROFILE% -allow_work_profiles=%AS_ALLOW_WORK_PROFILES% -block_keylogger=%AS_BLOCK_KEYLOGGER% -service_type %AS_SERVICE_TYPE% -framework %AS_FRAMEWORK% -app_signing %AS_APP_SIGNING%E% -framework %AS\_FRAMEWORK% -app\_signing %AS\_APP\_SIGNING%

Figure 3‑5 Windows batch command script example

# Example of configured screen

Figure 3‑6 Jenkins Build example

Last Updated: 3/19/2024, 3:04:41 AM