Polaris 2021.01 Release Notes

Here's what's new in Polaris 2021.01.

Polaris Platform

  • The Polaris Application Summary Report is updated to include charts with projects by open issue count which are currently available in the Polaris Application Summary tab.
  • An organization administrator can assign user groups to an application, instead of adding users one at a time.
  • Polaris and Polaris Reporting now support 2020 CWE Top 25.
  • Support for all supported Coverity versions was previously represented on a single page. We've simplified by creating a single page for each supported version of Coverity.
  • Support for Coverity 2021.01 is added. Coverity 2021.01 is a special release for Polaris. It includes the following changes compared to previous versions of Coverity:
    • Coverity 2021.01 requires an upgrade to the latest version of Polaris CLI Scan Client (1.12.X).
    • JavaScript JSHint analysis has been upgraded to v2.12.0 (SAT-36434).
    • Support for Go 1.13 is deprecated as of Coverity 2021.01 and will be removed in a future release.
    • Support for Swift 5.2 has been dropped as of Coverity 2021.01. Along with this, support for Xcode 11.4.x has been dropped. (Use Swift 5.3.x. and Xcode 12.0.x.)
    • Support for LLVM Clang 3.0-3.6 has been dropped as of Coverity 2021.01.
    • Support for GNU GCC and G++ version 3 has been dropped as of Coverity 2021.01.
    • Support for LLVM Clang 3.7 is now deprecated.
    • Support for Python 2.7 is deprecated as of Coverity 2021.01 and will be removed in a future release.
    • Support for PHP 5.x has been deprecated.
    • Support for Oracle JDK 14 has been deprecated as of Coverity 2021.01 and will be removed in a future release.
    • Support for Open JDK 14 has been deprecated as of Coverity 2021.01 and will be removed in a future release.
    • Added support for the Clang 11 C/C++ compiler. (CMPG-3401)
    • Added support for Swift 5.3. (SATPLAN-223)
    • Known Issue: When using JDK 14 on macOS 10.14 or 10.15 cov-build might miss capturing Java source. In this situation, please use buildless capture (cov-capture) to capture your Java source.
    • The cov-security-da option is disabled by default. To enable dynamic analysis, see Polaris Help.
  • If you don't want to upgrade to Coverity 2021.01, set a different version as the default version in the Polaris UI. See Polaris Help for more information.
  • Bug Fix: Resolved an issue wherein a 400 error could occur when paging through projects (POL-12232).

Polaris CLI

  • You can enable JAR caching to improve performance when scanning Java projects. (Requires Coverity 2021.01.)
  • You can attach one or more custom properties to a run and then use the properties to track your scans.
  • Coverity 2021.01 requires an upgrade to the latest version of Polaris CLI Scan Client (1.12.X).

Polaris API

The V0 endpoints for triage query and triage command are no longer supported.

Removed Use Instead
/api/triage-command/v0/* /api/triage-command/v1*
/api/triage-query/v0/* /api/triage-query/v1/*