Get started on the Black Duck Developer Portal

When you're building security into the CI/CD pipeline, you can automate and integrate with Polaris in multiple ways.

Choose the method that fits your situation the best.
  • Command line interface tool
  • Out-of-the-box integrations for popular SCM providers, automation, and issue tracking systems
  • REST APIs

Command line interface

You can download a lightweight package and install the Synopsys Bridge CLI client on your build server or a local machine. Synopsys Bridge provides a simple interface that you can use to easily insert Polaris testing in your CI/CD pipeline, but the heavy computation related to analysis happens on Polaris cloud servers. Synopsys Bridge does all the following:

  • Initiate code scans in your environment (SAST or SCA scans are available).
  • Automatically download and install the tools needed to capture code and upload it for testing. All you have to do is run the command line tool
  • Automatically configure SAST testing, in many simple cases, so project owners don't have to.
  • Allow the option of uploading a configuration file, for teams that choose to manage their own configuration.
  • Upload captured files to the Polaris server for analysis.
  • Apply post-scan policies to trigger appropriate actions, such as breaking the build when a test finds a specified number or type of issues.
  • Deliver a short summary of the scan results, including a link to the full results in the UI.

Get started with Synopsys Bridge

Out-of-the-box integrations

Integrations allow Polaris to interoperate with third-party platforms:

  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps
  • Jenkins
  • Jira

Capabilities include:

  • Run automated tests when someone commits on the main branch in your repository.
  • Create an issue in Jira when Polaris finds a relevant new issue in a test.
  • Fail the build in your CI system when a high-severity issue is found.

Get started with repository integrations.

REST API

The application programming interface exposes all the capability of Polaris through a standardized, well-documented set of services. Everything that Polaris does is available through the APIs, but the services are especially useful for sifting through issue data. For example.

  • Retrieve all issues from the latest test, or just new issues
  • Query issue information, sorting by issue type, issue severity, triage status, and other properties
  • Query status of projects in terms of total issues, severity of issues, and other properties

Get started with APIs