...
...
...
...
...
| Note |
|---|
Site deprecated - please visit https://sig-product-docs.synopsys.com/bundle/ci-integrations/page/web_help.html |
Polaris Software Integrity Platform (Polaris) helps security and development teams analyze security risks in their software products. Polaris provides a comprehensive, aggregated view of application security with the ability to examine and manage individual issues.
Polaris for Jenkins enables continuous integration, and by incorporating the Polaris plugin it provides the flexibility to orchestrate security analysis in your software development.
Use the Polaris CLI in Jenkins to run static analysis on your software code and then upload the results to your Polaris server.
Invoke different Polaris CLI analysis options on your builds in Jenkins.
Run a full analysis scan on a build, or an incremental scan on an SCM changeset.
When you commit code to a repository, you can trigger a build and the Polaris scan returns results for that scan based on your pre-configured Jenkins job.
Use Polaris for Jenkins in both Freestyle and Pipeline jobs.
...
Checks the configured Polaris server and the Jenkins node to verify if the correct version of the Polaris Command Line Interpreter (CLI) is installed on the node.
If the Polaris CLI is not installed, the plugin installs the CLI.
Polaris for Jenkins executes the Polaris CLI, which analyzes your project, and uploads the results to Polaris.
In a Jenkins Freestyle job, you can configure the CLI to wait (wait for issues) until Polaris has completed the code analysis and then apply a build status such as marking the build as unstable or failing the build if issues are found.
In a Jenkins Pipeline job, you can configure the CLI to check for issues when the build is finished.
Basic workflow
Using Polaris Software Integrity Platform (Polaris) to analyze your code through Jenkins involves the following basic steps:
...