Polaris Software Integrity Platform YAML File

A Polaris Software Integrity Platform YAML file is required, which you check in with your code to your Source code management (SCM) to control how scans are run in the Azure DevOps (ADO) system; if the Polaris Software Integrity Platform YAML file is not found in the SCM, Synopsys uses a default build command and proceeds to analyze your code.

The following is a basic example of a Polaris Software Integrity Platform YAML file.

version: "1"
project:
  name: myproj-master
  branch: myproj-master
  revision:
    name: myproj-master
    date: 2020-05-12T18:57:33Z
capture:
  build:
    cleanCommands:
    - shell: [mvn, -B, -f, pom.xml, clean]
    buildCommands:
    - shell: [mvn, -B, -f, pom.xml, install, -Dmaven.test.skip=true, -Dmaven.javadoc.skip=true]
  fileSystem:
    ears:
      extensions: [ear]
      files:
      - directory: ${project.projectDir}
    java:
      files:
      - directory: ${project.projectDir}
    javascript:
      files:
      - directory: ${project.projectDir}
      - excludeRegex: node_modules|bower_components|vendor
    php:
      files:
      - directory: ${project.projectDir}
    python:
      files:
      - directory: ${project.projectDir}
    ruby:
      files:
      - directory: ${project.projectDir}
    wars:
      extensions: [war]
      files:
      - directory: ${project.projectDir}
analyze:
  mode: central
install:
  coverity:
    version: default
serverUrl: https://polaris.instance.com