Packaging React Native Applications

Veracode Packaging Requirements

Your React Native applications must meet specific compilation requirements before you can submit them for scanning.

See Supported Languages and Platforms for instructions for other platforms.

Required Files

Veracode recommends that you submit your React Native application as an archive containing the source code. You can also submit your application as a compiled iOS archive (IPA) or a compiled Android package (APK).

Supported React Native Versions

Technology Platform Version
JavaScript/React Native Android, iOS 0.50–0.6x

Packaging Guidance

When uploading a ZIP archive of the source code to Veracode, do not submit files that you built using webpack or other packaging mechanisms. Source files must be UTF-8 encoded.

To ensure that a source file has a consistent name that Veracode can use for analysis, Veracode recommends that you modify the configuration files you use for iOS or Android.

Configuration for iOS

Add this line to the configuration file:

   --sourcemap-output "$"

Create a build using Xcode and ensure that it has the IPA file extension. Then, upload that file to Veracode for analysis.

Configuration for Android

You must modify two components to produce a package for analysis, in this sequence:

  1. Modify the Gradle configuration file build.gradle to define the bundle name:

     project.ext.react = [
          bundleAssetName: "main.jsbundle",
  2. Edit the Android packager script ./node_modules/react-native/react.gradle to add these modifications to the build script:

    def jsBundleMapFile = "${jsBundleFile}.map"
          "--sourcemap-output", jsBundleMapFile

After you make these modifications to the build scripts, use Gradle to create an APK file. Then, upload that file to Veracode for analysis.