Vulnerability Scanner for iOS Build and Test Anka macOS VM images

Up until a few years ago, the focus of software security was securing the perimeter. However, with the wide adoption of containers and service-based architectures for software applications and services, the responsibility for security is falling on developers. Securing the software supply chain is now the key area of focus, with President Biden signing an executive order mandating changes to how software is secured during the development, build and deploy cycles for software companies that do business with the federal government.

Securing the software supply chain means knowing exactly what components are used in a software product as it goes through the coding, building, testing, and deployment stages. This includes having visibility into even the code you didn’t write, like open-source or third-party dependencies and any other artifacts, and being able to prove their provenance.

In iOS and macOS application development, we see a limited set of solutions for software supply chain security. There are tools for scanning code repositories, there is App Store verification, and that’s pretty much it. As iOS apps move from the coding stage to the build and test stages, there is a large blind spot around which dependencies and packages get installed or downloaded during those stages, and what, if any, vulnerabilities they introduce. Hence, here at Veertu, we have started to focus on building solutions specifically targeting these areas.

This is why we’re happy to announce our first iteration: a security scanner that identifies all packages, dependencies, and associated vulnerabilities inside macOS Anka virtual machine images stored in the Anka registry. This enables you to identify and take corrective action on the images before you start using them in your CI/CD/automation pipelines. This is a critical step in ensuring that the macOS VM images used to build and test iOS applications don’t contain malicious packages, and it provides 100% visibility into the packages installed and the vulnerabilities inside those packages.

Today, we are announcing the early availability of this solution. Send us an email at [email protected] to participate in this beta program and start testing it in your Anka Build environment.
