mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. It supports Java, Kotlin, Swift, and Objective-C code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
Hi, recently I have been working on a collection of Semgrep rules to cover the static tests described by the OWASP MASTG.
This is the official repo: https://github.com/mindedsecurity/semgrep-rules-android-security
Why not include these rules in MobSF? 😃
Hope you like it! 👍
Hi @rafaelhziliao,
No, they have not yet updated with the proposed rules. If you want to use the rules collection, I recommend you refer to the official repository.
https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2195
Reported by: @gand3lf