Product overview
The Black Duck Polaris® Platform delivers highly scalable Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST) for your enterprise.
What Polaris does
- Testing: Upload and scan applications in the cloud using static analysis (SAST) and software composition analysis (SCA). Run dynamic tests (DAST) against your organization's web applications and APIs.
- Issue Lifecycle Management: Review, triage, dismiss, and close issues discovered during security scans. Actions can be taken manually or programmatically.
- Build a software bill of materials (SBOM): Generate the industry's most complete SBOM using two powerful analysis techniques (package manager and signature analysis tests). Evaluate the supply chain of each open source component and license used to create the application.
- Consolidate SAST and SCA findings from other tools: Import SAST and SCA issues from third-party security tools to view all an application's vulnerabilities in one place.
- Analytics: Review the overall risk posture of a project, application, or organization.
- Automation: Use SCM repository integrations, a command-line client, or REST APIs to integrate security testing into your DevOps pipeline. Test and monitor branches to ensure your applications stay secure.
- Dashboards: View high-level snapshots of issues, or drill into issue details, with filters to customize your view of test results.
- Reporting: Create customized reports of your test results.
- Policy management: Establish guidelines and use Polaris to automatically execute specific actions like scheduling tests, breaking builds, notifying users of test findings, and setting fix-by dates.
- Expert triage assistance: For static scans of a project's default branch, human assessors are available to review findings and reduce false positives, helping developers focus on meaningful results.
What teams do with Polaris
- Move security testing to the cloud.
- Enable developers by building security testing into CI/CD pipelines.
- Schedule regular scans of repos.
- Set scan policies that can fail a build and prevent code from merging when pre-defined events are detected.
- Use the web UI to triage issues found in the code and dismiss them or assign owners to them.
- Use dashboards to monitor the security stance of applications and their constituent projects.
Components of Polaris
- Polaris Web UI: Manage subscriptions, schedule testing, review and triage issues, and monitor your security stance on dashboards.
- Bridge command line interface: Use a simple scripting language to automate tests. Scan results are uploaded to Polaris and displayed in the web UI alongside results from your other tests.
- Integrations: Polaris can:
  - Interact with SCM repositories, including GitHub, GitLab, Bitbucket, and Azure DevOps.
  - Create tickets in Jira for issues captured in tests.
  - Include links to Secure Code Warrior training resources with issues captured in tests.
- Polaris API: Robust APIs make it possible to quickly retrieve and filter issue data after running tests.