
MASTG-TEST-0272: Identify Dependencies with Known Vulnerabilities in the Android Project

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).


Overview

In this test case we identify the dependencies of an Android project from within Android Studio and scan them with OWASP dependency-check.

Steps

  1. Follow Software Composition Analysis (SCA) of Android Dependencies at Build Time and run the scan from Android Studio's build environment using Gradle.

Observation

The output should list every dependency with known vulnerabilities together with the corresponding CVE identifiers.

Evaluation

The test case fails if any dependency with known vulnerabilities is found.
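The following script is an added example, not part of the MASTG test or of dependency-check itself. It applies the Observation and Evaluation above to the JSON report produced by the Gradle scan: it lists each dependency that has known vulnerabilities with its CVE identifiers and highest severity, and returns a pass/fail verdict. It assumes the report was generated by `./gradlew dependencyCheckAnalyze` with the plugin configured to emit JSON (for example `dependencyCheck { formats = ['JSON'] }`, default location `build/reports/dependency-check-report.json`), and that the report uses the dependency-check layout of a top-level `dependencies` list whose items carry `fileName` and an optional `vulnerabilities` list with `name` and `severity`. The embedded sample report is constructed for the example; its library names and CVE ids are placeholders, not real findings.

```python
"""Triage an OWASP dependency-check JSON report for an Android (Gradle) project.

Added example. Assumes the report layout described in the lead-in; the sample
report below is constructed and its CVE ids are placeholders.
"""
import json
import sys
from typing import Any, Dict, List

# Severity ranking used to pick the worst finding per dependency.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

# Constructed sample report (not a real scan). Mixed-case severity and a
# dependency without a "vulnerabilities" key are included on purpose.
SAMPLE_REPORT = json.dumps({
    "reportSchema": "1.1",
    "dependencies": [
        {"fileName": "library-a-1.0.0.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-0001", "severity": "HIGH"},
             {"name": "CVE-0000-0002", "severity": "CRITICAL"}]},
        {"fileName": "library-b-2.3.1.aar",
         "vulnerabilities": [{"name": "CVE-0000-0003", "severity": "medium"}]},
        {"fileName": "library-c-0.9.0.jar", "vulnerabilities": []},
        {"fileName": "library-d-4.0.0.jar"},
    ],
})


def load_report(text: str) -> Dict[str, Any]:
    """Parse the report text; reject anything without a 'dependencies' list."""
    report = json.loads(text)
    if not isinstance(report.get("dependencies"), list):
        raise ValueError("not a dependency-check report: missing 'dependencies' list")
    return report


def vulnerable_dependencies(report: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return one finding per dependency that has at least one known vulnerability.

    Each finding holds the dependency file name, its sorted CVE ids and the
    highest severity seen. Dependencies with no "vulnerabilities" key or an
    empty list are clean and skipped. Results are sorted worst-first.
    """
    findings = []
    for dep in report["dependencies"]:
        vulns = dep.get("vulnerabilities") or []
        if not vulns:
            continue
        cves = sorted({v["name"] for v in vulns if "name" in v})
        worst = max((SEVERITY_RANK.get(str(v.get("severity", "")).upper(), 0)
                     for v in vulns), default=0)
        label = next((n for n, r in SEVERITY_RANK.items() if r == worst), "UNKNOWN")
        findings.append({
            "dependency": dep.get("fileName", dep.get("filePath", "<unknown>")),
            "cves": cves,
            "max_severity": label,
        })
    findings.sort(key=lambda f: (-SEVERITY_RANK.get(f["max_severity"], 0), f["dependency"]))
    return findings


def evaluation_passes(report: Dict[str, Any]) -> bool:
    """MASTG evaluation: the test fails if any dependency has a known vulnerability."""
    return not vulnerable_dependencies(report)


def format_findings(findings: List[Dict[str, Any]]) -> str:
    """Render findings as 'dependency: CVE-..., CVE-... (max severity X)' lines."""
    lines = [f"{f['dependency']}: {', '.join(f['cves'])} (max severity {f['max_severity']})"
             for f in findings]
    return "\n".join(lines) if lines else "no dependencies with known vulnerabilities"


if __name__ == "__main__":
    # Usage: python triage.py [build/reports/dependency-check-report.json]
    # Without an argument the constructed sample report is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    parsed = load_report(text)
    print(format_findings(vulnerable_dependencies(parsed)))
    verdict = evaluation_passes(parsed)
    print("RESULT:", "PASS" if verdict else "FAIL")
    sys.exit(0 if verdict else 1)
```

The non-zero exit code lets the check gate a CI pipeline on the same criterion the Evaluation states (any known vulnerability fails the test), which is stricter than gating on a CVSS threshold alone.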

Demos

MASTG-DEMO-0051: Identifying Insecure Dependencies through SBOM Creation
MASTG-DEMO-0050: Identifying Insecure Dependencies in Android Studio