Protect your customer data and your reputation with our state-of-the-art security
Secure valuable gaming revenue streams & maintain user trust with our Unity integration
Secure your e-commerce revenue & safeguard data by layering mobile app protection
Guardsquare iXGuard enables developers to protect their iOS applications and libraries from reverse engineering and tampering.
Protection takes place at the compilation stage, this is why our users often integrate this step into their Continuous Integration (CI) system.
Usually automating this step is as simple as running one operating system command to launch iXGuard. However, cloud-based CI systems often offer short-lived build nodes that start from a clean slate. All dependencies like libraries and tools have to be downloaded and installed using a scripted action.
Since version 4.6.x iXGuard is available for automated download through the Guardsquare CLI tool.
Read on to learn how to solve this problem and have your cloud CI setup up and running.
ssh-keygento generate a new key pair, and then add it to the
eval "$(ssh-agent -s)" ssh-add --apple-use-keychain ~/.ssh/<your-key-file-name>
curl https://downloads.guardsquare.com/cli/latest_macos_amd64 -sL | tar -x && sudo mv -i guardsquare /usr/local/bin/
guardsquare --ssh-agent download ixguard -o ixguard.pkg
sudo installer -pkg ixguard.pkg
Our goal was making the automated setup of the CI build nodes as easy as possible, and at the same time keep access to Guardsquare tools strictly on a need-to-use basis.
Our ideal solution would be:
In the future we expect that our customers’ use of cloud CI systems will only increase. This in turn will increase the load on the download infrastructure.
We solved this problem by hosting the files on a scalable performant cloud object storage located at the infrastructure of a global cloud vendor. This way Guardsquare never becomes a bottleneck for the customers’ CI process and is able to provide excellent speed for everyone.
We had to make sure that every step of the process (except the initial setup) can run automatically using a command-line script.
The most critical step in the process is getting a secure link and downloading the correct version of iXGuard. To automate this step better we have implemented Guardsquare CLI. You can get the single-binary cli from Guardsquare servers using a simple
Guardsquare download CLI command supports semver version string, for example this command will download iXGuard version 4.6:
guardsquare --ssh-agent download email@example.com -o ixguard.pkg
-o switch provides an option to give a predefined name to the downloaded file, so that it can later be installed with an
To make the downloads secure we chose the SSH key-based authentication mechanism. This authentication schema should be familiar to you from GitHub, Azure DevOps, and many other services.
Simply register your SSH key on Guardsquare portal and your CLI will authenticate automatically.
To run iXGuard on your cloud CI build node you will need to install the correct license.
In preparation, download the license file manually from Guardsquare portal. Use your CI secrets manager to provision the license file on the build nodes. For example, for Microsoft Azure use the Secure files feature.
Pre-requisite: Setup a GitHub repository secret to store your SSH_PRIVATE_KEY which matches the public key you uploaded to the Guardsquare Customer Portal
# Workflow script to download and install iXGuard into an actions Node on: workflow_dispatch: jobs: install_ixguard: runs-on: macos-latest steps: - uses: actions/checkout@v3 # Make sure the @v0.7.0 matches the current version of the action - run: curl https://downloads.guardsquare.com/cli/latest_macos_amd64 -sL | tar -x && sudo mv -i guardsquare /usr/local/bin/ - uses: firstname.lastname@example.org with: ssh-private-key: $ # download the Guardsquare CLI - run: guardsquare --ssh-agent download ixguard -o ixguard.pkg - run: sudo installer -pkg ixguard.pkg -target /
Cloud CI systems provide reliable and scalable service to continuously build, scan, test, and deploy your applications. From now on, you can easily set up your cloud CI to protect your iOS application or SDK with Guardsquare.