I am trying to scan my mobile app for the CASA verification. For various reasons I need to use a third party scanner to accomplish this. I am trying to use mobSF, but according to this (https://appdefensealliance.dev/casa/tier-2/ast-guide/custom-scan) I must get the OWASP benchmark scorecard for mobSF.
The issue is, mobSF only scans mobile applications? So I am not sure how I would be able to run mobSF against the OWASP scorecard test suite to generate the scorecard.
Has anyone been able to do this?