Polaris 2021.6.0 Release Notes
Here's what's new in Polaris 2021.6.0.
Polaris Platform
- Polaris supports Coverity 2021.06. Coverity on Polaris includes the following
changes:
- Support for Go 1.14 is dropped as of Coverity 2021.06.
- Support for macOS 10.14 is deprecated as of Coverity 2021.06.
- Support for Oracle JDK 15 is deprecated as of Coverity 2021.06.
- Support for OpenJDK 15 is deprecated as of Coverity 2021.06.
- Support for .NET Core 2.1 is deprecated as of Coverity 2021.06.
- Added support for Kotlin 1.4 up to and including version 1.4.21 (CMPFG-456).
- Support for Kotlin 1.3.x is deprecated as of Coverity 2021.06 and will be removed in a future release.
- Support for Swift 5.3 has ended.
- Support for LLVM Clang 12.0 is added, for C++ and Objective C.
- Support for Python 2.7 has ended.
- Added support for PHP 7.0.
- Dropped support for PHP 5.X.
- Support for Apex was added. (Buildless capture only.)
- Autocapture is now supported for PHP, Python, and Ruby.
- The behavior of the
cov-capture
command has changed. Formerly, this command automatically downloaded JavaScript dependencies using NPM, Bower, and Yarn. Thecov-capture
command no longer downloads JavaScript dependencies. For more information on this topic, including how to include JavaScript dependencies in your emitted code, refer to the following Knowledge Base article: https://community.synopsys.com/s/article/Coverity-2021-06-Cov-Capture-Change (BLC-1053).
- Polaris Reporting can produce a report when there are zero open issues, allowing you to demonstrate that all open issues have been resolved. “Application Summary Report” has been renamed “Application Risk Report.”
- The Application Risk Report now includes a risk score and information about the application's risk profile. See the documentation for more about the risk score.
- Organization Administrators can configure and modify the Risk Profile settings to adapt the Risk Profile Score to an organization's needs.
- “Application Summary Report” has been renamed “Application Risk Report.”
- Users can select the issue type in Jira to export when configuring a Project in Polaris and linking it to a Project in Jira.
- Polaris Reporting contains new charts that show the age of outstanding issues and time to resolution of issues.
- Bug Fix: Incorrect mention of MISRA as a supported platform was removed from documentation (POL-14677).
- Bug Fix: An export to Jira error "Request was formatted incorrectly" was fixed (POL-14600).
- Bug Fix: An issue with SAML SSO with Google Identity was fixed after a user could not login to Polaris if logged into their Google account in browser (POLSAAS-326).
Polaris CLI
- The latest version of Polaris CLI Scan Client provides important security updates and is recommended for all users.
- Polaris CLI tool installation for MacOS now supports both zip archive (CLI binary) and new pkg installer downloads.
- Bug Fix: Polaris generated incorrect Coverity compiler configuration for Swift (POL-14711).
- Bug Fix: A Polaris Azure DevOps Scan using "waitForIssues" failed pointing to strange filepath has been resolved (POL-13219).
- Bug Fix: Scans failing because coverity-log.txt was being used by another process has been resolved (POL-14743).
- Bug fix: Build logs might leak sensitive information stored in environment variables. (POL-14415).
Polaris API
- Added field
issue-type-id
to project-mappings endpoint. The new endpoint/jiras/{jira-id}/projects/{jira-project-key}/issue-types
is or querying available issue types. -
Added a new API to calculate average age of open and closed issues:
api/query/v1/issue-metrics/age
-
Added new API's for Risk Profile Service:
- Create policy :
/api/risk-profile-service/v0/policies
- Method : POST
- List policies :
/api/risk-profile-service/v0/policies
- Method : GET
- Get policy by policy-id :
/api/risk-profile-service/v0/policies/{policy-id}
- Method : GET
- Update policy by policy-id :
/api/risk-profile-service/v0/policies/{policy-id}
- Method : PATCH
- Delete policy by policy-id :
/api/risk-profile-service/v0/policies/{policy-id}
- Method : DELETE
- Calculate score of an Application or Project :
/api/risk-profile-service/v0/policies/score
- Method : GET
- Get default policy:
/api/risk-profile-service/v0/policies/default-policy
- Method : GET
- Get enum values of each policy attributes :
/api/risk-profile-service/v0/policies/value-discovery
- Method : GET
- Create policy :
- The following tools service APIs are modified, to support extension choice while downloading the tool binary:
VO
Deprecated | Use Instead |
---|---|
/polaris_cli-{platform}-{version}.zip | /polaris_cli-{platform}-{version}.{extension} |
/polaris_cli-{platform}.zip | /polaris_cli-{platform}.{extension} |
/tools/{toolType}/{platform}/{version} | /tools/{toolType}/{platform}/{version}?extension={any supported extension} |
V1
Deprecated | Use Instead |
---|---|
/v1/{tool}{version}.zip | /v1/{tool}{version}.{extension} |
/v1/{tool}-{platform}.zip | /v1/{tool}-{platform}.{extension} |
/v1/download-descriptors/{id | /v1/download-descriptors/{id}?filter[extension]=<extension> |
V2
Deprecated | Use Instead |
---|---|
/polaris_cli-{platform}-{version}.zip | /v2/polaris_cli-{platform}-{version}.{extension} |
/v2/{tool}-{platform}.zip | /v2/{tool}-{platform}.{extension} |
/v2/download-descriptors/{id} | /v2/download-descriptors/{id}?filter[extension]=<extension> |