APK scanner

Last updated: Jun 25, 2026

For common configuration file keys that apply to all scanners, see Use a configuration file.

Specific configuration file keys

The following key is available only for the MAST scanner:

mast

This key has two configuration options:

include (optional; provide at least one path for a useful scan): Paths to files or directories to analyze
exclude (optional): Files or directories to exclude from the analysis

For example:

apk:
  include:
    - relative/path/to/directory/
  # Optional keys
  exclude:
    - glob(src/**/test*.apk)

For instructions on how to specify paths in the include and exclude subsections, see Use a configuration file.

Configuration file example

Below is an example of a highly personalized configuration file:

namespace: my_app
working_dir: ./
commit: e59607b9de3ef4c13d292705fg3da1ff0c67eb38
language: EN
output:
  file_path: /fluid-attacks-results.csv
  format: CSV
apk:
  include:
    - glob(**/**.apk)
  exclude:
    - src/test/test_apk.apk

Have a question about the scanner or encountered a problem? Read "Scanner FAQ".

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' pentesting team, fill out this contact form.

APK scanner

Specific configuration file keys

mast

Configuration file example

On this page