From d375585f49d09f7a62ab670bb45c8193b711c48d Mon Sep 17 00:00:00 2001
From: dlicheva <diana@ocurity.com>
Date: Tue, 16 Sep 2025 14:44:10 +0100
Subject: [PATCH 1/2] mobsf docs

---
 docs/reference/components/mobsf.md | 72 ++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 docs/reference/components/mobsf.md

diff --git a/docs/reference/components/mobsf.md b/docs/reference/components/mobsf.md
new file mode 100644
index 0000000..40b304a
--- /dev/null
+++ b/docs/reference/components/mobsf.md
@@ -0,0 +1,72 @@
+---
+sidebar_custom_props:
+  icon: "/img/components/mobsf.svg"
+title: 'MobSF'
+description: 'SAST Scanner for mobile applications.'
+sidebar_position: 5
+---
+
+# MobSF
+
+This scanner component runs the popular open source SAST for mobile applications
+MobSF. It can scan APK and Swift IPA files from an artefact target.
+
+## How to use with Smithy
+
+### Open-Source
+
+1. Add the component to the workflow
+
+```yaml
+# file: ./my-workflow/workflow.yaml
+description: Nancy based workflow
+name: mobsfscan
+components:
+  - component: ghcr.io/smithy-security/smithy/images/components/targets/git-clone:v1.3.4
+  - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/mobsf:v0.0.4
+  - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2
+  - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.2
+```
+
+2. Configure the run parameters of the artefact target component in the overrides file:
+
+```yaml
+# file: ./my-workflow/overrides.yaml
+source-code-artifact:
+  - name: "artifact_url"
+    type: "string"
+    value: "https://github.com/prateek147/DVIA-v2/releases/download/v2.0/DVIA-v2-swift.ipa"
+  - name: "artifact_repository_url"
+    type: "string"
+    value: "https://github.com/prateek147/DVIA-v2"
+  - name: "artifact_id"
+    type: "string"
+    value: "DVIA-v2-swift.ipa"
+  - name: "artifact_reference"
+    type: "string"
+    value: "main"
+```
+
+### SaaS
+
+1. In the Smithy UI, open the page to create a new workflow.
+2. Add a an Artefact target and configure it to point to a file with the
+   compiled file for a mobile application (see the example above).
+3. Find MobSF in the Scanners dropdown. Click to add it to the workflow.
+4. Run the workflow as normal.
+
+## Options
+
+You can configure this component with the following options:
+
+| Option Name                                 | Description                                              | Default | Type   |
+|---------------------------------------------|----------------------------------------------------------|---------|--------|
+| **\[Required]** client_request_timeout      | General timeout for operations (s)	                      | 10      | Number |
+| **\[Required]** client_max_retries          | Maximum retry attempts                                   | 5       | Number |
+| **\[Required]** client_retry_delay          | Delay between retries (s)	                               | 10      | Number |
+| **\[Required]** startup_timeout             | Maximum time to wait for startup (s)                     | 30      | Number |
+| **\[Required]** scan_completion_max_backoff | Maximum backoff duration for scan completion retries (s) | 200     | Number |
+
+Check out
+guidance [here](https://github.com/smithy-security/smithy/blob/main/components/scanners/mobsf/scanner/README.md)
+to correctly set-up the options.

From edcbf48d1274ebd6cbb1e362658e953ea22fedf6 Mon Sep 17 00:00:00 2001
From: dlicheva <diana@ocurity.com>
Date: Tue, 16 Sep 2025 15:12:47 +0100
Subject: [PATCH 2/2] fix typos

---
 docs/reference/components/mobsf.md     | 4 ++--
 docs/reference/components/mobsfscan.md | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/reference/components/mobsf.md b/docs/reference/components/mobsf.md
index 40b304a..a7851a6 100644
--- a/docs/reference/components/mobsf.md
+++ b/docs/reference/components/mobsf.md
@@ -19,10 +19,10 @@ MobSF. It can scan APK and Swift IPA files from an artefact target.
 
 ```yaml
 # file: ./my-workflow/workflow.yaml
-description: Nancy based workflow
+description: mobsf workflow
 name: mobsfscan
 components:
-  - component: ghcr.io/smithy-security/smithy/images/components/targets/git-clone:v1.3.4
+  - component: ghcr.io/smithy-security/smithy/images/components/targets/source-code-artifact:v0.1.0
   - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/mobsf:v0.0.4
   - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2
   - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.2
diff --git a/docs/reference/components/mobsfscan.md b/docs/reference/components/mobsfscan.md
index dce60d2..117e5c6 100644
--- a/docs/reference/components/mobsfscan.md
+++ b/docs/reference/components/mobsfscan.md
@@ -1,6 +1,6 @@
 ---
 sidebar_custom_props:
-   icon: "/img/components/mobsf.svg"
+  icon: "/img/components/mobsf.svg"
 title: 'MobSF Scan'
 description: 'SAST Scanner for mobile applications.'
 sideba\_position: 5
@@ -19,7 +19,7 @@ MobSF Scan.
 
 ```yaml
 # file: ./my-workflow/workflow.yaml
-description: Nancy based workflow
+description: mobsfscan workflow
 name: mobsfscan
 components:
   - component: ghcr.io/smithy-security/smithy/images/components/targets/git-clone:v1.3.4