Polaris for Azure DevOps

Invoke various Polaris Software Integrity Platform analysis options on your builds in Azure Pipelines.

The Polaris Software Integrity Platform (Polaris) plug-in for Azure DevOps lets you invoke Polaris analysis from your continuous integration (CI) builds in Azure Pipelines, and each analysis results in a pass or fail for the build. The plug-in works with Azure DevOps jobs in Azure Pipelines, which continuously builds and tests your code. You can invoke different Polaris analysis options on your builds, and the plug-in fails a build when one or more issues are found in the scan results. When you commit code to a repository, a build can be triggered and the Polaris scan returns a pass or fail status for that build.

Polaris incremental analysis (LCA) in Azure DevOps enables you to scan the files (the changeset) that represent the difference between the current build and the last successful build.

Note: The plug-in (extension) can only generate changeset files for projects that use Git as their version control system.
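
To make the changeset idea concrete, the following added sketch (not the plug-in's own code) derives the same kind of file list with plain Git. The function names, the constructed sample repository and the return codes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added illustration: list the files that differ between the last successful
# build and the current build. All names and return codes are assumptions.

# changeset_files REPO LAST_GOOD_SHA [CURRENT_REF]
# Prints one path per line for files added, copied, modified or renamed.
# Deleted files are left out: there is nothing left to scan.
# Exits 2 when the baseline commit is unusable (force-push, shallow clone).
changeset_files() (
    repo=$1; base=$2; head=${3:-HEAD}
    git -C "$repo" cat-file -e "${base}^{commit}" 2>/dev/null || exit 2
    git -C "$repo" diff --name-only --diff-filter=ACMR "$base" "$head" --
)

# write_changeset REPO LAST_GOOD_SHA OUTFILE
# Exit 0: changeset written. Exit 1: nothing changed, nothing to scan.
# Exit 2: no usable baseline, so the caller should run a full scan instead.
write_changeset() (
    changeset_files "$1" "$2" > "$3" || exit 2
    [ -s "$3" ] || exit 1
)

# make_sample_repo DIR
# Builds a constructed two-commit repository and prints the SHA of the first
# commit, which plays the role of the last successful build.
make_sample_repo() (
    d=$1
    commit() {
        git -C "$d" add -A &&
        git -C "$d" -c user.name=ci -c user.email=ci@example.invalid \
            commit -q -m "$1"
    }
    git init -q "$d"
    printf 'a\n' > "$d/keep.c"
    printf 'b\n' > "$d/gone.c"
    printf 'c\n' > "$d/edit.c"
    commit "last successful build"
    git -C "$d" rev-parse HEAD
    printf 'c2\n' > "$d/edit.c"   # modified: belongs in the changeset
    printf 'n\n' > "$d/new.c"     # added: belongs in the changeset
    rm "$d/gone.c"                # deleted: excluded from the changeset
    commit "current build"
)
```

The exit code 2 path matters in practice: if the baseline commit cannot be resolved, an empty changeset would silently skip the scan, so falling back to a full analysis is the safe default.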

Polaris plug-in

Users and roles

The following roles/permissions are required.
  • A Polaris API token for the plug-in to use, so that it can access a Polaris instance.
  • Administrator permission in Azure to install the Polaris plug-in.

Basic workflow

The following describes a high-level overview of the workflow.

  1. You commit code to a branch in your repository.
  2. You run a build on a local Microsoft build agent.
  3. The plug-in downloads and installs the Polaris CLI and executes it using the Polaris YAML file that you checked into the source repository. 
  4. The Polaris CLI captures your code and sends it to Polaris for analysis. A link to results in Polaris is provided when you run the Polaris command using the -w option.
  5. The plug-in can check for issues when the Polaris task is finished and fails the build if issues are found.

Configuration overview

The following is an overview of the steps to set up the Polaris Software Integrity Platform plug-in.

  1. Create an organization and project in Azure.
  2. Install the Polaris Software Integrity Platform plug-in from the Visual Studio Marketplace.
  3. Create a self-hosted build agent. 
  4. Create a pipeline in your project.
  5. Add a project to your repository and include a Polaris YAML file.
  6. Create a task in the pipeline to add the plug-in.
  7. Configure the plug-in by adding a new Polaris service endpoint using the Polaris instance URL and API key.
  8. Add an agent job. If you've already created a self-hosted build agent, you can select it here. Otherwise, you can select the default option, which is a Microsoft-hosted agent.
  9. Queue, or save and queue, to run a build.
  10. View the results to check if the build passes or fails.

Here's an example of a build that fails because Polaris finds issues.

[Image: Polaris plug-in]