Get started on the Black Duck Developer Portal

When you're building security into the CI/CD pipeline, you can automate and integrate with Polaris in multiple ways.

Choose the method that fits your situation the best.
  • Bridge command line interface (Bridge CLI)
  • Out-of-the-box integrations for popular SCM providers, automation, and issue tracking systems
  • REST APIs

Command line interface

You can download a lightweight package and install the Bridge CLI client on your build server or a local machine. Bridge CLI provides a simple interface that you can use to easily insert Polaris testing in your CI/CD pipeline, but the heavy computation related to analysis happens on Polaris cloud servers. Bridge CLI does all the following:

  • Initiate code scans in your environment (SAST or SCA scans are available).
  • Automatically download and install the tools needed to capture code and upload it for testing. All you have to do is run the command line tool
  • Automatically configure SAST testing, in many simple cases, so project owners don't have to.
  • Allow the option of uploading a configuration file, for teams that choose to manage their own configuration.
  • Upload captured files to the Polaris server for analysis.
  • Apply post-scan policies to trigger appropriate actions, such as breaking the build when a test finds a specified number or type of issues.
  • Deliver a short summary of the scan results, including a link to the full results in the UI.

Get started with Bridge CLI

Out-of-the-box integrations

Integrations allow Polaris to interoperate with third-party platforms:

  • Azure DevOps
  • Bitbucket
  • GitHub
  • GitLab
  • Jenkins

Capabilities include:

  • Run automated tests when someone commits on the main branch in your repository.
  • Fail the build in your CI system when a high-severity issue is found.

Get started with repository integrations

Additionally, you can Additionally, you can manually export issues captured in tests to Azure DevOps or Jira, or use issue policies to automatically export issues to Azure DevOps or Jira.

Get started with issue tracking integrations

REST API

The application programming interface exposes all the capability of Polaris through a standardized, well-documented set of services. Everything that Polaris does is available through the APIs, but the services are especially useful for sifting through issue data. For example.

  • Retrieve all issues from the latest test, or just new issues
  • Query issue information, sorting by issue type, issue severity, triage status, and other properties
  • Query status of projects in terms of total issues, severity of issues, and other properties

Get started with APIs