mobsfscan

0.4.5 verified Mon Apr 27 auth: no python

mobsfscan is a static analysis tool for finding insecure code patterns in Android and iOS source code. It supports Java, Kotlin, Swift, and Objective-C. Version 0.4.5 was released in April 2025. Release cadence: irregular.

pip install mobsfscan
error ModuleNotFoundError: No module named 'semgrep'
cause semgrep dependency not installed.
fix
pip install semgrep==1.86.0
error mobsfscan: command not found
cause mobsfscan not installed or not in PATH.
fix
pip install mobsfscan
gotcha mobsfscan is a CLI tool, not a Python library. Importing it in Python code is not supported. Run it as a shell command.
fix Use subprocess to call mobsfscan, or use the underlying semgrep rules directly.
breaking mobsfscan requires semgrep to be installed. Version 0.4.4+ pins semgrep to 1.86.0. Older versions may break with newer semgrep.
fix Ensure semgrep 1.86.0 is installed. Run: pip install 'semgrep==1.86.0'
deprecated Support for Python 3.7 and below may be dropped in future releases.
fix Upgrade to Python 3.8+.
gotcha Results may include false positives. Always review findings manually.
fix Use the --json or --sarif output to integrate with other tools and filter results.

Scans the given directory for insecure code patterns. Outputs results to console.

mobsfscan /path/to/source
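
The subprocess call and the --json filtering suggested in the gotchas above, as an added example that is not part of the mobsfscan project. The report layout (a top-level `results` object keyed by rule id, each entry with `metadata.severity` and an optional `files` list), the severity labels and the `demo_*` rule ids in the constructed sample are assumptions; check them against the output of your installed version.

```python
import json
import subprocess

SEVERITY_RANK = {"INFO": 0, "WARNING": 1, "ERROR": 2}  # assumed severity labels
TOP = max(SEVERITY_RANK.values())

# Constructed sample report (assumed layout, hypothetical rule ids).
SAMPLE = {"results": {
    "demo_hardcoded_key": {"metadata": {"severity": "WARNING"},
        "files": [{"file_path": "app/Api.kt", "match_lines": [40, 40]}]},
    "demo_missing_pinning": {"metadata": {"severity": "INFO"}},
    "demo_verbose_logging": {"metadata": {"severity": "INFO"},
        "files": [{"file_path": "app/Main.java", "match_lines": [12, 13]}]},
    "demo_webview_ssl_bypass": {"metadata": {"severity": "ERROR"},
        "files": [{"file_path": "app/Web.java", "match_lines": [7, 9]}]},
}}


def run_mobsfscan(source_dir):
    """Run the mobsfscan CLI with --json and return the parsed report."""
    # Argument list, no shell=True: the path is never interpreted by a shell.
    # The exit code is not treated as failure; only unparseable output is.
    proc = subprocess.run(["mobsfscan", "--json", source_dir],
                          capture_output=True, text=True, check=False)
    try:
        return json.loads(proc.stdout)
    except json.JSONDecodeError as exc:
        raise RuntimeError(f"no JSON from mobsfscan (exit {proc.returncode}): "
                           f"{proc.stderr.strip()}") from exc


def triage(report, min_severity="WARNING", ignore_rules=()):
    """One row per match: (severity, rule_id, file, first_line), worst first."""
    floor = SEVERITY_RANK[min_severity]
    rows = []
    for rule_id, finding in sorted(report.get("results", {}).items()):
        if rule_id in ignore_rules:  # rules already reviewed and accepted
            continue
        sev = str(finding.get("metadata", {}).get("severity", "UNKNOWN")).upper()
        # Unknown severities rank highest so they are never silently dropped.
        if SEVERITY_RANK.get(sev, TOP) < floor:
            continue
        # A finding about a missing control may carry no file locations.
        for match in finding.get("files") or [{}]:
            first_line = (match.get("match_lines") or [None])[0]
            rows.append((sev, rule_id, match.get("file_path", "-"), first_line))
    return sorted(rows, key=lambda r: -SEVERITY_RANK.get(r[0], TOP))


if __name__ == "__main__":
    for row in triage(SAMPLE):  # swap in run_mobsfscan("/path/to/source")
        print(*row)
```

Keep `ignore_rules` in version control next to the code being scanned so each suppressed rule has a reviewable history.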