Polaris 2021.6.0 Release Notes

Here's what's new in Polaris 2021.6.0.

Polaris Platform

  • Polaris supports Coverity 2021.06. Coverity on Polaris includes the following changes:
    • Support for Go 1.14 is dropped as of Coverity 2021.06.
    • Support for macOS 10.14 is deprecated as of Coverity 2021.06.
    • Support for Oracle JDK 15 is deprecated as of Coverity 2021.06.
    • Support for OpenJDK 15 is deprecated as of Coverity 2021.06.
    • Support for .NET Core 2.1 is deprecated as of Coverity 2021.06.
    • Added support for Kotlin 1.4 up to and including version 1.4.21 (CMPFG-456).
    • Support for Kotlin 1.3.x is deprecated as of Coverity 2021.06 and will be removed in a future release.
    • Support for Swift 5.3 has ended.
    • Support for LLVM Clang 12.0 is added, for C++ and Objective-C.
    • Support for Python 2.7 has ended.
    • Added support for PHP 7.0.
    • Dropped support for PHP 5.X.
    • Support for Apex was added. (Buildless capture only.)
    • Autocapture is now supported for PHP, Python, and Ruby.
    • The behavior of the cov-capture command has changed. Formerly, this command automatically downloaded JavaScript dependencies using NPM, Bower, and Yarn. The cov-capture command no longer downloads JavaScript dependencies. For more information on this topic, including how to include JavaScript dependencies in your emitted code, refer to the following Knowledge Base article: https://community.synopsys.com/s/article/Coverity-2021-06-Cov-Capture-Change (BLC-1053).
  • Polaris Reporting can produce a report when there are zero open issues, allowing you to demonstrate that all open issues have been resolved. “Application Summary Report” has been renamed “Application Risk Report.”
  • The Application Risk Report now includes a risk score and information about the application's risk profile. See the documentation for more about the risk score.
  • Organization Administrators can configure and modify the Risk Profile settings to adapt the Risk Profile Score to an organization's needs.
  • Users can select the issue type in Jira to export when configuring a Project in Polaris and linking it to a Project in Jira.
  • Polaris Reporting contains new charts that show the age of outstanding issues and time to resolution of issues.
  • Bug Fix: Incorrect mention of MISRA as a supported platform was removed from documentation (POL-14677).
  • Bug Fix: An export to Jira error "Request was formatted incorrectly" was fixed (POL-14600).
  • Bug Fix: Fixed an issue with SAML SSO with Google Identity in which a user could not log in to Polaris if logged into their Google account in the browser (POLSAAS-326).

Polaris CLI

  • The latest version of Polaris CLI Scan Client provides important security updates and is recommended for all users.
  • Polaris CLI tool installation for macOS now supports both zip archive (CLI binary) and new pkg installer downloads.
  • Bug Fix: Polaris generated incorrect Coverity compiler configuration for Swift (POL-14711).
  • Bug Fix: An issue in which a Polaris Azure DevOps scan using "waitForIssues" failed, pointing to a strange file path, has been resolved (POL-13219).
  • Bug Fix: An issue in which scans failed because coverity-log.txt was being used by another process has been resolved (POL-14743).
  • Bug Fix: Build logs might leak sensitive information stored in environment variables (POL-14415).

Polaris API

  • Added field issue-type-id to project-mappings endpoint. The new endpoint /jiras/{jira-id}/projects/{jira-project-key}/issue-types is for querying available issue types.
  • Added a new API to calculate average age of open and closed issues:

    api/query/v1/issue-metrics/age

  • Added new APIs for Risk Profile Service:

    • Create policy : /api/risk-profile-service/v0/policies
      • Method : POST
    • List policies : /api/risk-profile-service/v0/policies
      • Method : GET
    • Get policy by policy-id : /api/risk-profile-service/v0/policies/{policy-id}
      • Method : GET
    • Update policy by policy-id : /api/risk-profile-service/v0/policies/{policy-id}
      • Method : PATCH
    • Delete policy by policy-id : /api/risk-profile-service/v0/policies/{policy-id}
      • Method : DELETE
    • Calculate score of an Application or Project : /api/risk-profile-service/v0/policies/score
      • Method : GET
    • Get default policy: /api/risk-profile-service/v0/policies/default-policy
      • Method : GET
    • Get enum values of each policy attribute : /api/risk-profile-service/v0/policies/value-discovery
      • Method : GET
  • The following tools service APIs are modified to support a choice of extension when downloading the tool binary:

    V0

    Deprecated                              Use Instead
    /polaris_cli-{platform}-{version}.zip   /polaris_cli-{platform}-{version}.{extension}
    /polaris_cli-{platform}.zip             /polaris_cli-{platform}.{extension}
    /tools/{toolType}/{platform}/{version}  /tools/{toolType}/{platform}/{version}?extension={any supported extension}

    V1

    Deprecated                              Use Instead
    /v1/{tool}{version}.zip                 /v1/{tool}{version}.{extension}
    /v1/{tool}-{platform}.zip               /v1/{tool}-{platform}.{extension}
    /v1/download-descriptors/{id}           /v1/download-descriptors/{id}?filter[extension]=<extension>

    V2

    Deprecated                              Use Instead
    /polaris_cli-{platform}-{version}.zip   /v2/polaris_cli-{platform}-{version}.{extension}
    /v2/{tool}-{platform}.zip               /v2/{tool}-{platform}.{extension}
    /v2/download-descriptors/{id}           /v2/download-descriptors/{id}?filter[extension]=<extension>