Get started on the Black Duck Developer Portal
When you're building security into the CI/CD pipeline, you can automate and integrate with Polaris in multiple ways.
- Bridge command line interface (Bridge CLI)
- Out-of-the-box integrations for popular SCM providers, automation, and issue tracking systems
- REST APIs
Command line interface
You can download a lightweight package and install the Bridge CLI client on your build server or a local machine. Bridge CLI provides a simple interface that you can use to easily insert Polaris testing in your CI/CD pipeline, but the heavy computation related to analysis happens on Polaris cloud servers. Bridge CLI does all the following:
- Initiate code scans in your environment (SAST or SCA scans are available).
- Automatically download and install the tools needed to capture code and upload it for testing. All you have to do is run the command line tool
- Automatically configure SAST testing, in many simple cases, so project owners don't have to.
- Allow the option of uploading a configuration file, for teams that choose to manage their own configuration.
- Upload captured files to the Polaris server for analysis.
- Apply post-scan policies to trigger appropriate actions, such as breaking the build when a test finds a specified number or type of issues.
- Deliver a short summary of the scan results, including a link to the full results in the UI.
Out-of-the-box integrations
Integrations allow Polaris to interoperate with third-party platforms:
- GitHub
- GitLab
- Bitbucket
- Azure DevOps
- Jenkins
- Jira
Capabilities include:
- Run automated tests when someone commits on the main branch in your repository.
- Create an issue in Jira when Polaris finds a relevant new issue in a test.
- Fail the build in your CI system when a high-severity issue is found.
REST API
The application programming interface exposes all the capability of Polaris through a standardized, well-documented set of services. Everything that Polaris does is available through the APIs, but the services are especially useful for sifting through issue data. For example.
- Retrieve all issues from the latest test, or just new issues
- Query issue information, sorting by issue type, issue severity, triage status, and other properties
- Query status of projects in terms of total issues, severity of issues, and other properties