Objective-C Application Analysis

Files named Podfile.lock (generated by Cocoapods) will be analyzed.

The dependencies under the "PODS" section are evaluated. For example:

PODS:
  - GDTMobSDK (4.10.2):
    - GDTMobSDK/GDTMobSDK (= 4.10.2)

Invoke a Sonatype IQ CLI scan of a directory or subdirectories containing a Podfile.lock file. Instructions on how to do this can be found here: Sonatype IQ CLI.

Example Podfile.lock file (file is edited for clarity)

PODS:
  - ADMobGenAdapter (1.5.2):
    - ADMobGenFoundation
  - ADMobGenFoundation (0.7.2)
  - ADMobGenGDT (4.10.0):
    - ADMobGenAdapter
    - ADMobGenFoundation
    - GDTMobSDK (= 4.10.2)
  - GDTMobSDK (4.10.2):
    - GDTMobSDK/GDTMobSDK (= 4.10.2)
  - GDTMobSDK/GDTMobSDK (4.10.2)
  - YogaKit (1.2.0)
  - libpng (1.4.9)
  - libpng (1.0.8)
  - GethDevelop (1.8.17)

DEPENDENCIES:
  - ADMobGenGDT (from `../`)

SPEC REPOS:
  https://github.com/cocoapods/specs.git:
    - ADMobGenAdapter
    - ADMobGenFoundation
    - GDTMobSDK

EXTERNAL SOURCES:
  ADMobGenGDT:
    :path: "../"

SPEC CHECKSUMS:
  ADMobGenAdapter: 5ab3531d5659c96812e6da545c1ec160b9991a2e
  ADMobGenFoundation: de6e4f7b09df256a347878d0f0e0438c1feac94e
  ADMobGenGDT: 77d18f682136e9e90fc9e5dfb0fc57637d5441d7
  GDTMobSDK: 6fde44a4f80c36051d5d879df8bb280034c31431

PODFILE CHECKSUM: 441850ec31e67c6ea8241a64c55657d490e51d66

COCOAPODS: 1.7.0.beta.2

By default, the Jenkins plugin will not evaluate the Podfile.lock file. A custom Scan Target is needed.

Example Pipeline Script with Scan Patterns

nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/Podfile.lock']], iqStage: 'build'

To find more information on configuring Jenkins, please go to Sonatype Platform Plugin for Jenkins.

Bamboo Scan Targets control what files are examined. To evaluate Objective-C, add Podfile.lock to the scan targets via "**/Podfile.lock". To find more information on configuring Bamboo, please go to Lifecycle for Bamboo.