Polaris Analysis

Use the Polaris CLI to run static analysis on your software project in Jenkins freestyle or Pipeline jobs.

Code analysis is handled by the Polaris CLI tool, which can be invoked as part of an automated CI build process.
  • In the background, the CLI performs the analysis and reports the results to the Polaris server.
  • You can use the Polaris user interface to view the security and quality issue summaries about your code.
  • In freestyle jobs, you can check the wait for issues checkbox so that the Polaris CLI waits for analysis to finish, checks for issues, and applies a pre-selected status for the build if issues are found.
  • In Pipeline jobs, you can use the PolarisIssueCheck option to get an issue count when the build finishes.

Polaris incremental analysis (LCA)

You can run Polaris incremental analysis (LCA) in Jenkins, which enables you to run code analysis on an SCM changeset.

Polaris Software Integrity Platform for Jenkins has a "Populate SCM changeset in file at $CHANGE_SET_FILE_PATH for incremental analysis" option that you can configure to generate a changeset file at $CHANGE_SET_FILE_PATH, which defaults to $WORKSPACE/.synopsys/polaris/changeSetFiles.txt. When you specify a value in $CHANGE_SET_FILE_PATH, the file is generated at that resolved changeset path.

Using incremental analysis (LCA), the Polaris command line interface (CLI) scans only the files that are returned in the SCM changeset and not your entire source code.
  • The changeset file is populated from the SCM but not locally.
  • The build status does not change when you run incremental analysis (LCA).
  • You can use the Polaris command to specify that changeset file, for example, analyze -w --incremental $CHANGE_SET_FILE_PATH
Note: The default value for $CHANGE_SET_FILE_PATH is $WORKSPACE/.synopsys/polaris/changeSetFiles.txt

Generating and configuring the changeset file for incremental analysis (LCA)

In a freestyle job or Pipeline job (snippet generator), Polaris for Jenkins has a Populate SCM changeset in file at $CHANGE_SET_FILE_PATH for incremental analysis checkbox that you can select to generate a changeset file at the $CHANGE_SET_FILE_PATH.

  • The changeset file is populated from the SCM only.
  • You can specify file-name patterns that you would like to explicitly exclude from the Jenkins changeset or include in the changeset to be scanned.
  • Any included/excluded file-name patterns that you specify are applied to the $CHANGE_SET_FILE_PATH environment variable and this affects which files are analyzed in the incremental analysis (LCA).

Empty changesets

When analysis mode is configured as incremental analysis (LCA) and the changeset is empty:

  • Freestyle jobs configured to create a changeset file have an additional field to set the build status of the job (mark build as unstable, fail the build, or do not change the build status (only log)) when skipping analysis because nothing was included in the changeset.
  • Pipeline jobs configured to create a changeset file have an additional field to return a status code of -1 instead of throwing an exception when skipping analysis because nothing was included in the changeset. For more information, see the Pipeline examples.
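
The following shell sketch is an added example, not part of the Polaris plugin or its documentation. It classifies the changeset file before an incremental run so that a skipped analysis is recorded explicitly in the build log. Assumptions: the changeset file lists one path per line, and the function names and the return codes 1 and 2 are hypothetical.

```shell
#!/bin/sh
# Added example (not plugin code): inspect the changeset file before running
# "analyze -w --incremental" so that a skipped scan is visible in the log.
# Assumption: the changeset file holds one changed path per line.

# Resolve the changeset path, using the default documented on this page.
changeset_path() {
  printf '%s\n' "${CHANGE_SET_FILE_PATH:-$WORKSPACE/.synopsys/polaris/changeSetFiles.txt}"
}

# Print "missing", "empty", or the number of non-blank entries in the file.
changeset_state() {
  file=$1
  if [ ! -f "$file" ]; then
    echo missing
    return 0
  fi
  # grep -c prints 0 and exits 1 when nothing matches; keep the count.
  count=$(grep -c '[^[:space:]]' "$file" || true)
  if [ "$count" -eq 0 ]; then echo empty; else echo "$count"; fi
}

# Print the action for this build. Hypothetical return codes:
# 0 = run incremental analysis, 1 = empty changeset, 2 = no changeset file.
incremental_action() {
  state=$(changeset_state "$1")
  case $state in
    missing) echo "skip: no changeset file at $1"; return 2 ;;
    empty)   echo "skip: changeset is empty, no files analyzed"; return 1 ;;
    *)       echo "run: analyze -w --incremental $1 ($state files)"; return 0 ;;
  esac
}

# Constructed demo input (not real project data).
demo_dir=$(mktemp -d)
printf 'src/Auth.java\n\nsrc/Token.java\n' > "$demo_dir/changed.txt"
: > "$demo_dir/empty.txt"
for f in changed.txt empty.txt absent.txt; do
  incremental_action "$demo_dir/$f" || true
done
rm -rf "$demo_dir"
```

Because the build status does not change for an incremental run, logging the skip reason this way helps reviewers distinguish "nothing to scan" from "scan did not run".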