We need to add the MOBSF_API_KEY variable to the SAST template. Otherwise, MobSF will fail to run. MOBSF_API_KEY is only used for calling the service running inside the container: “http://mobsf:8000/”. In that case, it is safe to store the KEY in the SAST template.
In that case, it is safe to store the KEY in the SAST template.
Without this variable present, the MobSF container appears to autogenerate a random API key, which it prints in the log on startup. As far as I can tell, there is no easy way to retrieve the generated value. With this variable present, both the MobSF container and the GitLab SAST container use it as the API key.
Without storing this value in the template, it will not be possible to run the MobSF scanner without additional manual configuration. If any user does not want to use the default value, the user can set a different value (either in their own .gitlab-ci.yml or in the CI settings) that should be used instead.