Coverity on Polaris 2021.12.0 Release Notes

Note: This platform is renamed Coverity on Polaris. Unless otherwise specified, references to Polaris or Polaris Software Integrity Platform in this documentation are referring to Coverity on Polaris.

Here's what's new in Polaris 2021.12.0.

Polaris Platform

  • For information about how we mitigated the impacts of Log4j on Polaris, see Polaris Update Regarding Vulnerability CVE-2021-44228. (Requires sign-in.)
  • For a Log4j status report on all Synopsys SIG products, see SIG Security Advisory for Apache Log4j2. (Requires sign-in.)
  • Important note: Upgrading to the latest version of the Polaris Jenkins plug-in (v1.2.0) is recommended to get the latest updates mitigating the Log4j vulnerability.
  • Support for Coverity 2021.04 is deprecated. It will be discontinued in a future release.
  • Coverity 2021.03 is no longer supported.
  • Polaris now supports Coverity 2021.12.1. See Coverity 2021.12.1: Supported Platforms, Languages, and Compilers. It includes the following changes:
    • Upgrading to Coverity 2021.12.1 is recommended, because it protects against the Apache Log4j vulnerability.
    • Support for Go 1.15 has been removed.
    • Support for Windows 8.1 has been removed.
    • Support for Windows Server 2012 R2 has been removed.
    • Support for Windows Server 2016 is deprecated and will be removed in a future release.
    • Support for LLVM Clang 3.8-3.9 is deprecated and will be removed in a future release.
    • Support for Oracle JDK 16 is deprecated and will be removed in a future release.
    • Support for Kotlin 1.4 is deprecated and will be removed in a future release.
    • Added support for Go 1.17.
    • Added support for Ruby 2.6.
    • Added support for compiler LLVM Clang 13.
    • TypeScript 1.0–4.3 are supported. Filesystem capture and buildless capture (project mode) require you to list TypeScript separately from JavaScript.
    • The following Infrastructure as Code (IaC) platforms are supported through autocapture:
      • Kubernetes
      • AWS CloudFormation
      • Terraform
    • The following IaC file formats are supported through autocapture:
      • HCL
      • JSON
      • XML
      • YAML
  • Coverity checker details have been added to reports.
  • When exporting to PDF, the "include code snippets" feature is limited to 800 or fewer issues. If more are available, the checkbox is disabled.
  • Polaris now supports integration with a Jira Data Center instance on a secure network via a Jira plug-in available on the Downloads page of Polaris. See documentation.
  • Reporting has been enhanced so that a filtered list of issues, based on the customer's criteria, can be saved and exported in a format to share with auditors or internal team members for tracking purposes.
  • Bug Fix: A Jira integration issue was fixed where the configured Jira issue type had required fields that were not supported when exporting. (POL-15035)
  • Bug Fix: Fixed spinning severity for some issues and a discrepancy in issue counts in the Polaris UI. (POL-15114, POL-15116, POL-15123, POL-15141, POL-15196, POL-15200)

Polaris CLI

  • The CLI Scan Client versioning has changed to the Synopsys standard convention of four-digit year, month and revision/patch number starting at 0 (yyyy.m.r).
  • The following versions of the Polaris CLI Scan Client are supported in this release:
    • 2021.12.0
    • 1.18.22
    • 1.17.119
  • The following versions of Polaris CLI Scan Client are no longer supported:
    • 1.16.72-hf
    • 1.16.71
    • 1.15.26
    • 1.14.65
  • Build capture of Swift is supported with cov-emit-text.
  • An issue exists where you cannot use cov-configure with autocapture. Instead, use build capture and specify files. (POLCT-15218)
  • Bug Fix: Support for TypeScript has been added to the filesystem capture settings of the polaris.yml file. (POLCT-2087)
  • Bug Fix: An issue where Polaris 2021.8.0 filesystem capture was not capturing TypeScript using Coverity 2021.06-1 was fixed. (POL-15075)
  • Bug Fix: Documentation about Central vs. Local YML File has been improved. See documentation. (POL-15051)