makes icon indicating copy to clipboard operation
makes copied to clipboard
verified publisher icon fluidattacks

Issues with APK scan

Open MathieuBrousseIDO opened this issue 1 year ago • 0 comments

Hi,

I'm running into an issue while trying to scan my project for a casa tiers 2 assesments. SAST and SCA scan are working fine but APK scan is not. I'm using the latest docker image on Mac OS.

docker run -v {path_to_project}:/src fluidattacks/cli:latest skims scan /src/config-apk.yaml

The configuration is really basic config-apk.txt

The process runs during four days and then i got some errors. With my full project i've got a timeout during decompilation, and then the process stopped when generating the SBOM apkscanfullproject.log I tried several times with few config changes but got the same result.

Then i tried with an empty android project that just include the full project gradle dependencies : apkscan.log

There are some results but still a timeout so i'm not sure that all the tests were run successfully.

Is there a mis-configuration that can explain both decompilation timeout and sbom generation "crash" ?

Regards,

MathieuBrousseIDO avatar Oct 14 '24 13:10 MathieuBrousseIDO