Polaris Support Information

Supported platforms

Polaris APIs are compatible with any operating system and hardware that can connect to the Polaris server or APIs via HTTPS.

Browser support

The Polaris web UI can be accessed using:

Table 1. Browser support
Browser	Versions	Provider	Notes
Firefox	Latest and latest - 1	Versions supported by Mozilla
Google Chrome	Latest and latest - 1	Versions supported by Google
Microsoft Edge	Latest and latest - 1	Versions supported by Windows 10
Safari	Latest and latest - 1	Versions supported by Apple	"Prevent cross-site tracking" must be disabled.

Note: Internet Explorer is not supported.

Supported tools

Table 2. Supported tools
Tool	Supported version
Coverity	2024.6.0
Coverity Thin Client	2024.1.1
Synopsys Bridge	2.9.0
Synopsys Detect	9.9.0

Supported file types and tests

Table 3. Scan Support
Type	Description
Code Upload	Only scans using Coverity buildless mode, doesn't require access to the build to scan.
SCM	Only scans using Coverity buildless mode, doesn't require access to the build to scan.
CLI	Scans using Coverity buildless or CLI mode.

Table 4. SAST Language Support
Language	Language Versions	Code Upload (UI)	SCM Integration	CI via Synopsys Bridge (CLI)
Salesforce® Apex™		Supported	Supported	Supported
C/C++	C++23 C++20 C++98 C++03 C++11 C++14 C++17 C89 C99 C11	Not Supported	Not Supported	Supported
C#	Up to C# 12	Supported	Supported	Supported
Dart	Version Agnostic	Supported	Supported	Supported
Go	Go 1.21-1.22	Not Supported	Not Supported	Supported
Java	Up to Java 22	Supported	Supported	Supported
JavaScript	ECMAScript 2023	Supported	Supported	Supported
Kotlin	Kotlin 1.8.0-1.8.22, 1.9.0	Not Supported	Not Supported	Supported
Objective-C/C++		Not Supported	Not Supported	Supported
PHP	Version Agnostic	Supported	Supported	Supported
Python	Python 3.x–3.11	Supported	Supported	Supported
Ruby	Matz's Reference Impl. (MRI) 1.9.2–3.2 and equivalents (via Breakman pro bundles into analysis kit)	Supported	Supported	Supported
Swift	Version Agnostic	Supported	Supported	Supported
TypeScript	TypeScript 1.0–5.2	Supported	Supported	Supported
Visual Basic	Up to Visual Basic 16	Not Supported	Not Supported	Supported

Note: Find the CWEs Coverity can identify in different languages here: Coverity Coverage for Common Weakness Enumeration (CWE).

Table 5. Infrastructure as code: Static Testing
Language	What is supported	Code Upload (UI)	SCM Integration	CI via Synopsys Bridge (CLI)
IAC	Platforms: AWS CloudFormation, Kubernetes, Terraform. Formats: HCL (Terraform), JSON, XML, YAML	Supported	Supported	Supported

Table 6. SCA Language and Package Manager Support
Package manager	Language	Test mode	Supported	Entry point	Supported detectors, requirements	Accuracy
Apache Ivy	Various	Code upload or SCM integration	Not Supported
Apache Ivy	Various	Synopsys Bridge (CI/CLI)	Supported	Ivy Build Parse	Ivy Build Parse Files: ivy.xml, build.xml	Low
BitBake	Various	Code upload or SCM integration	Not Supported
BitBake	Various	Synopsys Bridge (CI/CLI)	Supported	Bitbake CLI	Bitbake CLI Properties: Package names Files: build env script Executables: bash	High
Cargo	Rust	All	Supported	Cargo Lock	Cargo Lock Files: Cargo.lock, Cargo.toml	High
Carthage	Various	All	Supported	Carthage Lock	Carthage Lock Files: Cartfile, Cartfile.resolved	High
CocoaPods	Objective-C	All	Supported	Pod Lock	Pod Lock Files: Podfile.lock	High
Conan	C/C++	Code upload or SCM integration	Supported	Conan Lock	Conan Lock Files: conan.lock	High
		Synopsys Bridge (CI/CLI)	Supported	Conan Lock	Conan Lock Files: conan.lock	High
				Conan Lock	Conan CLI Files: conanfile.txt or conanfile.py Executables: conan	High
				Conan CLI	Conan CLI Files: conanfile.txt or conanfile.py Executables: conan	High
Conda	Python	Code upload or SCM integration	Not Supported
Conda	Python	Synopsys Bridge (CI/CLI)	Supported	Conda CLI	Conda CLI Files: environment.yml. Executable: conda	High
CPAN	Perl	Code upload or SCM integration	Not Supported
CPAN	Perl	Synopsys Bridge (CI/CLI)	Supported	Cpan CLI	Cpan CLI File: Makefile.PL Executables: cpan	High
CRAN	R	All	Supported	Packrat Lock	Packrat Lock File: packrat.lock	High
Dart	Dart	Code upload or SCM integration	Supported	Dart PubSpec Lock	Dart PubSpec Lock Files: pubspec.yaml, pubspec.lock	High
		Synopsys Bridge (CI/CLI)	Supported	Dart CLI	Dart CLI Files: pubspec.yaml, pubspec.lock Executables: dart, flutter	High
				Dart CLI	Dart PubSpec Lock Files: pubspec.yaml, pubspec.lock	High
				Dart PubSpec Lock	Dart PubSpec Lock Files: pubspec.yaml, pubspec.lock	High
Go Dep	Golang (Go)	All	Supported	GoDep Lock	GoDep Lock Files: Gopkg.lock	High
Gogradle	Golang (Go)	All	Supported	GoGradle Lock	GoGradle Lock Files: gogradle.lock	High
Go Modules	Golang (Go)	Code upload or SCM integration	Not Supported
Go Modules	Golang (Go)	Synopsys Bridge (CI/CLI)	Supported	GoMod CLI	GoMod CLI Files: go.mod Executables: go	High
Go Vendor	Golang (Go)	All	Supported	Go Vendor	Go Vendor Files: vendor/vendor.json	High
Go Vendor	Golang (Go)	All	Supported	GoVndr CLI	GoVndr CLI Files: vendor.conf	High
Gradle	Various	Code upload or SCM integration	Supported	Gradle Project Inspector	Gradle Project Inspector Files: build.gradle	Low
		Synopsys Bridge (CI/CLI)	Supported	Gradle Native Inspector	Gradle Native Inspector Files: build.gradle or build.gradle.kts Executables: gradlew or gradle	High
		Synopsys Bridge (CI/CLI)	Supported	Gradle Native Inspector	Gradle Project Inspector Files: build.gradle	Low
Hex	Erlang	Code upload or SCM integration	Not Supported
Hex	Erlang	Synopsys Bridge (CI/CLI)	Supported	Rebar CLI	Rebar CLI Files: rebar.config Executables: rebar3	High
Lerna	Node.js	Code upload or SCM integration	Not Supported
Lerna	Node.js	Synopsys Bridge (CI/CLI)	Supported	Lerna CLI	Lerna CLI Files: lerna.json, package.json Executables: Lerna, and one of the following: package-lock.json npm-shrinkwrap.json yarn.lock.	High
Maven	Various	Code upload or SCM integration	Supported	Maven Project Inspector	Maven Project Inspector Files: pom.xml	Low
		Synopsys Bridge (CI/CLI)	Supported	Maven CLI	Maven CLI Files: pom.xml Executables: mvnw or mvn	High
				Maven CLI	Maven Project Inspector Files: pom.xml	Low
				Maven Wrapper CLI	Maven Wrapper CLI Files: pom.groovy Executables: mvnw or mvn	High
				Maven Wrapper CLI	Maven Project Inspector Files: pom.xml	Low
npm	Node.js	Code upload or SCM integration	Supported	NPM Package Lock	NPM Package Lock Files: package-lock.json. For better results, include a package.json also.	High
		Code upload or SCM integration	Supported	NPM Package Json Parse	NPM Package Json Parse Files: package.json	Low
		Synopsys Bridge (CI/CLI)	Supported	NPM Shrinkwrap	NPM Shrinkwrap Files: npm-shrinkwrap.json. For better results, include a package.json also.	High
					NPM Package Lock Files: package-lock.json. For better results, include a package.json also.	High
					NPM CLI Files: node_modules, package.json Executables: npm	High
					NPM Package Json Parse Files: package-lock.json	Low
				NPM Package Lock	NPM Package Lock Files: package-lock.json. For better results, include a package.json also.	High
					NPM CLI Files: node_modules, package.json Executables: npm	High
					NPM Package Json Parse Files: package.json	Low
				NPM CLI	NPM CLI Files: node_modules, package.json Executables: npm	High
				NPM CLI	NPM Package Json Parse Files: package.json	Low
				NPM Package Json Parse	NPM Package Json Parse Files: package.json	Low
NuGet	C#	All	Supported	NuGet Solution Native Inspector	NuGet Solution Native Inspector Files: A solution file with a .sln extension	High
				NuGet Solution Native Inspector	NuGet Project Inspector Files: A project file with the .csproj or .sln extension	Low
				NuGet Project Native Inspector	NuGet Project Native Inspector Files: A project file with the csproj, .fsproj, .vbproj, .asaproj, .dcproj, .shproj, .ccproj, .sfproj, .njsproj, .vcxproj, .vcproj, .xproj, .pyproj, .hiveproj, .pigproj, .jsproj, .usqlproj, .deployproj, .msbuildproj, .sqlproj, .dbproj, or .rproj extension	High
				NuGet Project Native Inspector	NuGet Project Inspector Files: A project file with the .csproj or .sln extension	Low
Packagist	PHP	All	Supported	Composer Lock	Composer Lock Files: composer.lock, composer.json	High
PEAR	PHP	Code upload or SCM integration	Not Supported
PEAR	PHP	Synopsys Bridge (CI/CLI)	Supported	Pear CLI	Pear CLI Files: package.xml Executables: pear	High
pip	Python	Code upload or SCM integration	Supported	Pipfile Lock	Pipfile Lock Files: Pipfile, Pipfile.lock	High
		Code upload or SCM integration	Supported	PIP Requirements File Parse	PIP Requirements File Parse Files: requirements.txt	Low
		Synopsys Bridge (CI/CLI)	Supported	Pipenv Lock	Pipenv Lock Files: Pipfile or Pipfile.lock Executables: python or python3, and pipenv	High
					PIP Native Inspector Files: setup.py, or one or more requirements.txt Executables: python and pip, or python3 and pip3	High
					Pipfile Lock Files: Pipfile, Pipfile.lock	High
				PIP Native Inspector	PIP Native Inspector Files: setup.py, or one or more requirements.txt Executables: python and pip, or python3 and pip3	High
				PIP Native Inspector	Pipfile Lock Files: Pipfile, Pipfile.lock	High
				Pipfile Lock	Pipfile Lock Files: Pipfile, Pipfile.lock	High
				PIP Requirements File Parse	PIP Requirements File Parse Files: requirements.txt	Low
pnpm	Node.js	All	Supported	Pnpm Lock	Pnpm Lock Files: pnpm-lock.yaml, package.json.	High
Poetry	Python	All	Supported	Poetry Lock	Poetry Lock Files: Poetry.lock, pyproject.toml	High
RubyGems	Ruby	All	Supported	Gemfile Lock	Gemfile Lock Files: Gemfile.lock	High
				Gemfile Lock	Gemspec Parse Files: A gemspec file with the .gemspec extension	Low
				Gemspec Parse	Gemspec Parse Files: A gemspec file with the .gemspec extension	Low
SBT	Scala	Code upload or SCM integration	Not Supported
SBT	Scala	Synopsys Bridge (CI/CLI)	Supported	Sbt Native Inspector	Sbt Native Inspector Files: build.sbt Plugins: Dependency Graph	High
Swift	Swift	Code upload or SCM integration	Supported	Swift Lock	Swift Lock Files: Package.swift, Package.resolved	High
		Synopsys Bridge (CI/CLI)	Supported	Swift Lock	Swift Lock Files: Package.swift, Package.resolved	High
				Swift Lock	Swift CLI Files: Package.swift Executables: swift	High
				Swift CLI	Swift CLI Files: Package.swift Executables: swift	High
Xcode	Swift	All	Supported	Xcode Workspace Lock	Xcode Workspace Lock Directories: *.xcworkspace	High
				Xcode Workspace Lock	Xcode Project Lock Directories: *.xcodeproj Files: Package.resolved	High
				Xcode Project Lock	Xcode Project Lock Directories: *.xcodeproj Files: Package.resolved	High
Yarn	Node.js	All	Supported	Yarn Lock	Yarn Lock Files: yarn.lock, package.json	High

Note: Package manager version requirements are only applicable to tests created with Synopsys Bridge (when testing relies on/requires access to executables). N/A in the table below indicates buildless capture is used to test projects that depend on the package manager.

Table 7. SCA Package Manager Versions (latest)
Package manager	Latest supported version
Apache Ivy	N/A
BitBake	2.6.0 (Yocto 4.3.2)
Cargo	N/A
Carthage	N/A
CocoaPods	N/A
Conan	2.0.14
Conda	4.10.3
CPAN	Cpan Script 1.678 CPAN.pm 2.36 Cpanm 1.7047
CRAN	N/A
Dart	Dart 3.1.2 Flutter 3.13.4
Go Dep	N/A
Gogradle	N/A
Go Modules	1.20.4
Go Vendor	N/A
Gradle	8.2.1
Hex	Rebar 3.20.0
Lerna	6.6.2
Maven	3.8.1
npm	Node v20.5.1 npm 9.8.1
NuGet	NuGet 6.2 .NET runtime is not required with 7.13.0
Packagist	N/A
PEAR	1.10.12
pip	23.1.2
pnpm	8.9.2
Poetry	N/A
RubyGems	2.0.0
SBT	1.5.0
Swift	5.6.1
Xcode	N/A
Yarn	4.1.0

Upload Limitations

Table 8. Upload Limitations
Type	Size limits
Single file	1 GB
ZIP file	2 GB
Maximum file count	200,000 files

Note: For code uploads (when you start a test by uploading source code manually), filenames can include letters, digits, and the characters “.”, “-” and “_”. No other characters or spaces are allowed.

Supported Source Code Management (SCM) systems

Support matrix for SCM repositories that can integrate a single repository integrated into Polaris. Bulk onboarding is only supported for GitHub, see Prerequisites in how to Integrate Multiple SCM Repositories.

Table 9. Supported SCM systems
SCM	Offering	Plan/Subscription/Version	Deployment type	URL	Polaris support
Github	Github Standard	Github Free Github Pro Github free for Organizations Github Team	Cloud	https://github.com	YES
	GitHub Enterprise Cloud		Cloud	https://github.com	YES
	GitHub Enterprise Server	Supported Versions:3.11-3.12	Self -Hosted	<variable>	YES
GitLab	GitLab SaaS	Free Premium Ultimate	Cloud	https://gitlab.com	YES
GitLab	GitLab self-managed (self-hosted)	Core Premium Ultimate Supported Versions: 15.11-16.0	on-premises or cloud	<variable>	YES
Azure DevOps			Cloud	<variable> Example: https://<<username>>@dev.azure.com/<<username>>/<<projectName>>/_git/<<projectName>>	YES
Bitbucket			Cloud	https://bitbucket.org/	YES
Bitbucket		Supported Versions: 8.9 - 8.19	Self-hosted		YES