Apk

Figure 1. OSV Scanner Security is a critical aspect of software development, and staying ahead of vulnerabilities is essential for us application developers. Google’s OSV Scanner is a powerful tool that helps detect vulnerabilities in open-source dependencies. This article will guide us through setting up and using OSV Scanner to secure our projects, scan for invalid licenses, scan OCI images and finally how to fix findings via guided remediation. ...

There is a nice Maven plugin helping you signing your Android app – the Maven Jar Signer Plugin. If you want to learn more about Maven integration in an android project take a look at this article. Maven Profile Setup Add the following code to your pom.xml <?xml version="1.0"?> <profiles> <profile> <id>sign</id> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jarsigner-plugin</artifactId> <version>1.2</version> <executions> <execution> <id>signing</id> <goals> <goal>sign</goal> </goals> <phase>package</phase> <inherited>true</inherited> <configuration> <archiveDirectory/> <includes> <include>target/*.apk</include> </includes> <keystore>path/to/keystore</keystore> <storepass>storepasword</storepass> <keypass>keypassword</keypass> <alias>key-alias</alias> </configuration> </execution> </executions> </plugin> <plugin> <groupId>com.jayway.maven.plugins.android.generation2</groupId> <artifactId>maven-android-plugin</artifactId> <inherited>true</inherited> <configuration> <sign> <debug>false</debug> </sign> </configuration> </plugin> </plugins> </build> </profile> </profiles> ...