Polaris 2020.12 Release Notes

Here's what's new in Polaris 2020.12.

Polaris Platform

  • Support for Coverity 2019.12-2 is deprecated. It will be unsupported after a future release.
  • Coverity 2019.09 is no longer supported.
  • Added new Reports tab on the Applications page.
    • This includes the ability to customize and generate Application Summary reports in PDF, HTML, and CSV formats.
    • Note that the standalone version of Reporting is still available from the Reporting link. This version supports reporting from the Synopsys tools, such as Black Duck, MSP, Seeker, or Coverity (Connect), that are not directly supported in Polaris.

  • New filters are available on the Issues tab. Use these to group or filter issues: PCI-DSS 2018, 2019 CWE Top 25, and 2019 CWE On the Cusp.
  • A list of the Coverity Commands available on Polaris is now published on Synopsys Community. Note that a sign-in on Synopsys Community is required.
  • The names of applications, projects, branches, and revisions will be case insensitive, starting with this release. If you own two apps with very similar names – for example myapp and myApp – one name might change unexpectedly by the addition of a suffix – for example, myApp_2.
  • Added RBAC to Standalone Reporting.
    • Modified roles to be in sync with Polaris Org Administrator and Non-Administrator.
    • New Members section in Standalone Reporting Application Settings.

  • On the Application tab, you can click through to detailed project information, if you are a member of a project.

Polaris CLI

  • Added support for GCS file upload.
  • Support for Minio file upload is deprecated, and will be unsupported after a future release.
  • The following Polaris CLI versions are deprecated in this release, and will be unsupported after a future release:
    • 1.10.175
    • 1.9.141
    • 1.8.149
  • Added functionality to select either full analysis or Incremental Analysis (LCA) based on a user-specified threshold. To find out more and to see the documentation, ask your Synopsys representative.
  • The threshold for Incremental Analysis (LCA) is now configurable in the YML file.
  • The CLI now returns a count of newly found issues and newly closed issues each time you run analysis.

Polaris API

  • New Jobs-service v2 APIs (/api/jobs/v2/*) clean up extraneous information and introduce an abstraction around job data storage handling for flexibility.
    Table 1. New v2 APIs in 2020.12

    | API Description | Method | URL |
    |---|---|---|
    | To fetch the job metrics; in other words, the number of jobs in each state from a specific time. | GET | <host>/api/jobs/v2/jobs/metrics |
    | To fetch the lifecycle events of a specific job. | GET | <host>/api/jobs/v2/jobs/{id}/events |
    | To fetch the job state and its progress. | GET | <host>/api/jobs/v2/jobs/{id}/status |

  • Improvements in API documentation are ongoing, with how-to articles and topics covering authentication made easier to find and use in this release.
  • The objectAsURN field is removed from the responses for the /role-assignments endpoint.
  • The triage command endpoint /project-associations is deprecated, and the endpoint will be removed in the 2021.01 version.
  • Original Jobs-service APIs are deprecated starting with the 2020.12 release. Support for this version ends in the 2021.03 release. Use the v2 APIs for new scripts, and convert all existing calls to v2 before end of support.

Known Issues

  • The Coverity version 2019.12 uploader fails with the error "Publish Uploading the results failed with error: exit status 4" when the analysis mode is set to "local."
  • Coverity 2020.09 analysis in Polaris might fail with a "-2" error.

Bug Fixes

  • POL-2085: Resolved an issue with the Polaris help wherein the analysis option --disable was missing the <checker name> argument.
  • POL-10881: Resolved an issue wherein error messages were displayed in the Project Summary where the Industry Recognized Priority Lists and Issues by Severity counts should display.
  • POL-11151: Resolved an issue wherein Polaris-initiated log-ins with encrypted SAML responses were failing.
  • POL-11274: Resolved an issue wherein the Polaris cov-analyze job was running out of memory on a system with 32 GB RAM.
  • POL-11492: Resolved an issue wherein My Organization > Tools displayed the default tool version as applying only to new projects instead of all projects.
  • POL-11621: Removed an erroneous reference to Scala support in the documentation.