Compilation Instructions for React Native

Compilation Guide

See the master compilation guidelines for instructions for other platforms.

Required Files

You can submit your React Native application as source code, as a compiled iOS archive (IPA) or Android package (APK).

Supported React Native Versions

Technology Platform Version
JavaScript/React Native Android, iOS 0.50-0.54

Packaging Guidance

When analyzing React Native applications submitted as IPA or APK files, Veracode must properly identify the JavaScript bundle that contains much of the application logic. To ensure that Veracode can identify the bundle consistently, and that Veracode has all of the context necessary for analysis, Veracode requires modifications to the default React Native build scripts in order to produce a package for analysis.

The React Native build must include a source map file, and the following configuration parameters ensure that the file is created with a consistent name so that Veracode can use it for analysis.

If uploading source files for your React Native application, upload a compressed ZIP archive containing all React Native source code to the Veracode Platform. Do not submit files that have been built using webpack or other packaging mechanisms. Source files must be UTF-8 encoded.

Configuration for iOS

Add the following line to the react-native-xcode.sh configuration file:
--sourcemap-output "$BUNDLE_FILE.map"

Produce a build via Xcode, ensure that it has the IPA file extension, and then upload that file to Veracode for analysis.

Configuration for Android

You must modify two components to produce a package for analysis.

First, modify the Gradle configuration, build.gradle file, to define the bundle name as follows:

project.ext.react = [
bundleAssetName: "main.jsbundle",
]
Next, edit the Android packager script, ./node_modules/react-native/react.gradle to add the following modifications to the build script:
def jsBundleMapFile = "${jsBundleFile}.map"
 "--sourcemap-output", jsBundleMapFile

After you make these modifications to the build scripts, use Gradle to create an APK file, and then upload that file to Veracode for analysis.