Import results from third-party tools (limited availability)

Run external analysis tests to import SAST and SCA issue data from third-party tools into SAST & SCA projects in Polaris.

Overview

With a subscription that permits external analysis tests, you can import SAST and SCA issue data from many third-party tools into SAST & SCA projects in Polaris.

Important: The ability to import results from third-party tools is available on a limited basis, and is not generally available. Please contact your account team for more information.

Please note:

  • Imports can only be run from the Polaris user interface, and run like other tests.
  • Issues without a valid severity are ignored.
  • You can upload one file (up to 2GB in size) for each external analysis test.
  • Each file you upload can only include one type of issue data (SAST or SCA).
  • Different file formats are accepted for different third-party tools. For the list of third-party tools that generate results you can import into Polaris, see Supported third-party tools.
  • SCA issues you import only appear on the Issues tab, and do not affect the Components or Licenses tabs.
  • Issues you import from third-party tools do not appear in reports and dashboards.

Import results from third-party tools

To import results from a third-party tool, follow these steps:
  1. Go to Tests.
  2. Select New Test.
  3. Select an Application, select a Project, and select a Branch.
  4. Under Third-Party Integration, select External Analysis (SAST or SCA).
    Note: Third-Party Integration only appears when you select an application linked to a subscription that permits external analysis tests.
  5. Drag and drop the file you want to import into the Import Results zone, or select Browse Files to find the file to import on your file system.

    Note: You can upload one file (up to 2GB) for each external analysis test. Each file you upload can only include one type of issue data (SAST or SCA). Different file formats are accepted for different third-party tools. See Supported third-party tools for a full list of supported tools, along with accepted file formats for each.
  6. Select Begin Test.
Monitor test progress on the Tests page (accessible from the left-hand navbar). Newer tests appear near the top of the page.

View and manage issues imported from third-party tools

After you run an external analysis test, issues appear alongside the rest of the project's issues on the Issues tab. Use the Tool filter to view issues captured in different tools. Additional filters appear each time you import results from a new tool.

Issues you import from third-party tools can be triaged and exported (to CSV, JSON, or Jira) like other issues in Polaris, and are subject to issue policies.

Issue deduplication

Please note:
  • Polaris deduplicates issues captured using the same third-party tool. For example, if you run multiple external analysis tests to import results from Clang into a project, Polaris won't duplicate the same issue found in different external analysis tests that import results from Clang.
  • Polaris does not deduplicate issues imported from different third-party tools in the same project. For example, if the same issue is captured in external analysis tests using exports from Clang and Coverity, the issue appears twice on the Issues tab.
  • Polaris does not deduplicate issues captured in external analysis tests from issues captured in other test types in the same project. For example, if the same issue is captured in a SAST test run with Polaris and an external analysis test, the issue appears twice on the Issues tab.
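Because issues from different tools and test types are not deduplicated, one way to find the double-counted ones during triage is to group an issue export by location and weakness type. The following is an added example, not Polaris code. The field names (`id`, `tool`, `path`, `line`, `cwe`), the "Polaris SAST" tool label and the sample records are assumptions, and matching on an exact line number is a heuristic, since tools may report the same defect on different lines.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample of exported issues. Field names are hypothetical and do
# not reflect the actual Polaris export schema; map them to your export.
SAMPLE_EXPORT = [
    {"id": "A1", "tool": "Clang", "path": "src/net/parse.c", "line": 88, "cwe": "CWE-476"},
    {"id": "B7", "tool": "Coverity", "path": "./src/net/parse.c", "line": 88, "cwe": "cwe-476"},
    {"id": "A2", "tool": "Clang", "path": "src/util/buf.c", "line": 12, "cwe": "CWE-120"},
    {"id": "P3", "tool": "Polaris SAST", "path": "src\\util\\buf.c", "line": 12, "cwe": "CWE-120"},
    {"id": "A3", "tool": "Clang", "path": "src/util/buf.c", "line": 40, "cwe": "CWE-120"},
    {"id": "B9", "tool": "Coverity", "path": "src/main.c", "line": 5, "cwe": "CWE-252"},
]


def fingerprint(issue):
    """Tool-independent key: normalized path, line number, weakness type."""
    # Tools differ in path style (backslashes, leading "./"), so normalize.
    path = PurePosixPath(issue["path"].replace("\\", "/")).as_posix()
    return (path, int(issue["line"]), issue["cwe"].upper())


def cross_tool_duplicates(issues):
    """Return fingerprints that were reported by more than one tool."""
    groups = defaultdict(list)
    for issue in issues:
        groups[fingerprint(issue)].append(issue)

    duplicates = {}
    for key, members in groups.items():
        tools = sorted({m["tool"] for m in members})
        if len(tools) > 1:  # same-tool repeats are already merged on import
            duplicates[key] = {
                "tools": tools,
                "ids": sorted(m["id"] for m in members),
            }
    return duplicates


if __name__ == "__main__":
    for (path, line, cwe), info in cross_tool_duplicates(SAMPLE_EXPORT).items():
        print(f"{path}:{line} {cwe} reported by {', '.join(info['tools'])} "
              f"(issue ids: {', '.join(info['ids'])})")
```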