Polaris Software Integrity Platform for Jenkins

The Polaris Software Integrity Platform (Polaris) for Jenkins plug-in enables you to invoke Polaris analysis from your Jenkins builds.

Polaris Software Integrity Platform (Polaris) helps security and development teams analyze security risks in their software products. Polaris provides a comprehensive, aggregated view of application security with the ability to examine and manage individual issues.

Polaris for Jenkins works with continuous integration: by incorporating the Polaris plug-in, you gain the flexibility to orchestrate security analysis in your software development.

  • Use the Polaris CLI in Jenkins to run static analysis on your software code and then upload the results to your Polaris server.
  • Invoke different Polaris CLI analysis options on your builds in Jenkins.
  • Run a full analysis scan on a build, or an incremental analysis (LCA) scan on an SCM changeset.
  • Trigger a build when you commit code to a repository; the Polaris scan then returns results based on your pre-configured Jenkins job.
  • Use Polaris for Jenkins in both freestyle and Pipeline jobs.

When the Polaris for Jenkins plug-in runs, it does the following:

  • Checks the configured Polaris server and the Jenkins node to verify that the correct version of the Polaris Command Line Interpreter (CLI) is installed on the node.
  • If the Polaris CLI is not installed, the plug-in installs the CLI.
  • Executes the Polaris CLI, which analyzes your project and uploads the results to Polaris.
  • In a Jenkins freestyle job, you can configure the CLI to wait (wait for issues) until Polaris has completed the code analysis and then apply a build status such as marking the build as unstable or failing the build if issues are found.
  • In a Jenkins Pipeline job, you can configure the CLI to check for issues when the build is finished.

Basic workflow

Using Polaris Software Integrity Platform (Polaris) to analyze your code through Jenkins involves the following basic steps:

  1. Ensure that you satisfy the requirements.
  2. Install the Polaris plug-in in Jenkins.
  3. Configure credentials for Polaris and any environment variables.
  4. Configure the Polaris CLI in Jenkins.
  5. Configure a connection to your Polaris instance in Jenkins.
  6. Provide Polaris arguments in a freestyle or Pipeline job to run against a build.
  7. Examine the analysis results.