Polaris Software Integrity Platform helps security and development teams analyze security risks in their software products.
...
This Polaris Software Integrity Platform plugin enables you to invoke different Polaris analysis options from your builds in Azure Pipelines and fails a build when there are one or more issues found in the scan results. When you commit code to a repository, a build can be triggered and the Polaris scan returns a pass or fail status for that build.
Polaris incremental analysis in Azure Devops enables you to scan files that represent the difference between the current build and the last successful build in your Git repository.
The extension can only generate change set files for projects that use Git as their version control system
...
Users and roles
The following roles/permissions are required.
API token in Polaris to use with the plugin so that it can access a Polaris instance.
Administrator permission in Azure to install the Polaris Software Integrity Platform plugin.
Basic workflow
The following describes a high-level overview of the workflow.
...
Successful build with no issues
...
Failed build with issues
...
Configuration overview
The following is an overview of the steps to set up the Polaris Software Integrity Platform plugin.
...