
# ostorlab-circleci/ostorlab

Scan mobile apps for outdated dependencies, hardcoded secrets, privacy leakages, and insecure code (sign up at ostorlab.co).


## Jobs

### ostorlab

Run a scan based on the user input params

| Parameter | Type | Default | Description |
|---|---|---|---|
| `asset_type` | string |  | Type of asset to scan. (['android-apk', 'android-aab', 'ios-ipa']) |
| `break_on_risk_rating` | string |  | Wait for the scan results and force the action to fail if the scan risk rating is equal to or higher than this value. (['HIGH', 'MEDIUM', 'LOW', 'POTENTIALLY']) |
| `extra` | string |  | Extra arguments passed to the Ostorlab CLI when creating a scan. Common cases are setting test credentials or specifying SBOM files for scanning. |
| `max_wait_minutes` | integer | 120 | Specifies the maximum number of minutes to wait for scan results. |
| `ostorlab_api_key` | string |  | Ostorlab API key |
| `scan_profile` | string |  | The scan profile |
| `scan_title` | string | Scan from CircleCI | The scan title |
| `target` | string |  | Path to the .apk\|.ios file. |

## Examples

### fast

Start a fast scan on the target asset without waiting for the scan to finish. The scan results will be available in the Ostorlab platform.


```yaml
version: '2.1'
orbs:
  ostorlab: ostorlab-circleci/ostorlab@1.2.0
workflows:
  use-my-orb:
    jobs:
      - ostorlab/ostorlab:
          asset_type: android-apk
          ostorlab_api_key: API_KEY
          scan_profile: fast_scan
          scan_title: test
          target: files/app.apk
```

### full

Start a full scan on the target asset and wait for the scan to finish. The action also fails if the scan risk rating is equal to or higher than the `break_on_risk_rating` value.


```yaml
version: '2.1'
orbs:
  ostorlab: ostorlab-circleci/ostorlab@1.2.0
workflows:
  use-my-orb:
    jobs:
      - ostorlab/ostorlab:
          asset_type: android-apk
          break_on_risk_rating: HIGH
          extra: >-
            --test-credentials-login=test_login
            --test-credentials-password=test_pass --sbom=package-lock.json
          max_wait_minutes: 120
          ostorlab_api_key: API_KEY
          scan_profile: full_scan
          scan_title: test
          target: files/app.apk
```