
The documentation for the Polaris for Azure DevOps plug-in is on the main Polaris CI Integrations documentation pages, to which you are being redirected.

Redirect location: https://sig-docs.synopsys.com/polaris-ci-integrations/topics/c_pol-ado-overivew.html

Polaris Software Integrity Platform helps security and development teams analyze security risks in their software products. 

The Polaris plugin for Azure DevOps enables you to invoke Polaris analysis from your continuous integration (CI) and continuous delivery (CD) pipeline builds in Azure DevOps, which results in a pass or fail for the build. The Polaris plugin for Azure DevOps works with Azure DevOps jobs in Azure Pipelines, which combines CI/CD to constantly and consistently test and build your code.

This Polaris Software Integrity Platform plugin enables you to invoke different Polaris analysis options from your builds in Azure Pipelines and fails a build when there are one or more issues found in the scan results. When you commit code to a repository, a build can be triggered and the Polaris scan returns a pass or fail status for that build.

Polaris incremental analysis in Azure DevOps enables you to scan only the files that represent the difference between the current build and the last successful build in your Git repository.

The extension can only generate change set files for projects that use Git as their version control system.

...

Users and roles

The following roles/permissions are required.

  • API token in Polaris to use with the plugin so that it can access a Polaris instance.

  • Administrator permission in Azure to install the Polaris Software Integrity Platform plugin.

Basic workflow

The following describes a high-level overview of the workflow.

  1. You commit code to a branch in your repository.

  2. The build is run on a local or hosted agent.

  3. The plugin downloads and installs the Polaris CLI and executes it using the Polaris YAML file that is checked into the source repository. 

  4. The Polaris CLI captures your code and sends it to Polaris for analysis.
    A link to results in Polaris is provided when you run the Polaris command with the -w option.

  5. The plugin can check for issues and fails the build if issues are found when the Polaris task is finished.

The following are some examples that show the Polaris Software Integrity Platform plugin task running in the Azure pipeline.
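The pass/fail decision in step 5 is the part of the workflow a pipeline owner most often has to reason about: what counts as a blocking issue, and what exit status the task hands back to Azure Pipelines. The script below is an added example written for this page, not the Polaris plugin's own code; it implements the page's default policy (any issue fails the build) and generalizes it with an optional severity threshold. The result document, its field names (`issues`, `severity`, `path`, `checker`) and the issue records are constructed sample data and are not the Polaris result schema.

```python
"""Added example: a build gate of the kind step 5 describes.

Illustrative code written for this page, not the Polaris plugin's
implementation. SAMPLE_RESULTS and its field names are constructed;
they are assumptions, not the Polaris result format.
"""
import json
import sys

# Ordering used when a caller wants to block only on serious findings.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample of what a CI task might receive once the scan is done.
SAMPLE_RESULTS = json.dumps({
    "project": "example-service",
    "issues": [
        {"path": "src/auth.c", "severity": "high", "checker": "sample-checker-1"},
        {"path": "src/log.c", "severity": "low", "checker": "sample-checker-2"},
    ],
})


def load_issues(raw):
    """Parse the (constructed) result document and return its issue list."""
    return json.loads(raw).get("issues", [])


def gate(issues, min_severity=None):
    """Apply the gate policy.

    Returns (passed, blocking_issues). With min_severity=None every issue
    blocks, which is the behaviour the page describes. With a severity name,
    only issues at or above that rank block; unknown severities rank 0 and
    never block under a threshold policy.
    """
    if min_severity is None:
        blocking = list(issues)
    else:
        threshold = SEVERITY_RANK[min_severity]
        blocking = [
            i for i in issues
            if SEVERITY_RANK.get(i.get("severity", "").lower(), 0) >= threshold
        ]
    return (len(blocking) == 0, blocking)


def run_gate(raw, min_severity=None):
    """Evaluate the gate and return the process exit code for the CI task:
    0 lets the build continue, 1 fails it. Findings are listed on stderr
    so they appear in the pipeline log."""
    passed, blocking = gate(load_issues(raw), min_severity)
    for issue in blocking:
        print("BLOCKING %-8s %s (%s)" % (
            issue.get("severity", "?"), issue.get("path", "?"),
            issue.get("checker", "?")), file=sys.stderr)
    print("gate: %s (%d blocking issue(s))" % (
        "PASS" if passed else "FAIL", len(blocking)))
    return 0 if passed else 1


if __name__ == "__main__":
    # Usage: python gate.py [min_severity] < results.json
    threshold = sys.argv[1] if len(sys.argv) > 1 else None
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_RESULTS
    sys.exit(run_gate(data, threshold))
```

Run without arguments it evaluates the embedded sample and exits 1, because the default policy treats both findings as blocking; `python gate.py critical` would pass the same sample, since nothing reaches that rank. Whatever policy you choose, the exit code is what Azure Pipelines uses to mark the task failed, so keep the decision in one place rather than scattering thresholds across pipeline steps.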

Successful build with no issues

...

Failed build with issues

...

Configuration overview

The following is an overview of the steps to set up the Polaris Software Integrity Platform plugin.

...

Create an organization and project in Azure.

...

Install the Polaris Software Integrity Platform plugin from the Visual Studio Marketplace.

...

Create an agent pool and add a self-hosted build agent.

...

Create a pipeline in your project.

...

Add a project to your repository and include a Polaris YAML file.

...

Create a task in the pipeline to add the plugin.

...

Configure the plugin by adding a new Polaris service endpoint using the Polaris instance URL and API key.

...

Add an agent job. If you've already created a self-hosted build agent, you can select it here. Otherwise, you can select the default option, which is a Microsoft-hosted agent.

...

Select Queue, or Save and queue, to run a build.

...