Coverity on Polaris for Jenkins

The Coverity on Polaris for Jenkins plug-in enables you to invoke Coverity on Polaris analysis from your Jenkins builds.

Coverity on Polaris helps security and development teams analyze security risks in their software products. Coverity on Polaris provides a comprehensive, aggregated view of application security with the ability to examine and manage individual issues.

Coverity on Polaris for Jenkins enables continuous integration and, by incorporating the Coverity on Polaris plug-in, provides the flexibility to orchestrate security analysis in your software development.

  • Use the Coverity on Polaris CLI in Jenkins to run static analysis on your software code and then upload the results to your Coverity on Polaris server.
  • Invoke different Coverity on Polaris CLI analysis options on your builds in Jenkins.
  • Run a full analysis scan on a build, or an incremental analysis (LCA) scan on an SCM changeset.
  • Trigger a build when you commit code to a repository; the Coverity on Polaris scan then returns results based on your pre-configured Jenkins job.
  • Use Coverity on Polaris for Jenkins in both freestyle and pipeline jobs.

The Coverity on Polaris for Jenkins plug-in does the following when it runs:

  • Checks the configured Coverity on Polaris server and the Jenkins node to verify that the correct version of the Polaris Command Line Interpreter (CLI) is installed on the node.
  • Installs the Coverity on Polaris CLI if it is not already installed.
  • Executes the Coverity on Polaris CLI, which analyzes your project and uploads the results to Polaris.
  • In a Jenkins freestyle job, you can configure the CLI to wait (wait for issues) until Coverity on Polaris has completed the code analysis and then apply a build status such as marking the build as unstable or failing the build if issues are found.
  • In a Jenkins pipeline job, you can configure the CLI to check for issues when the build is finished.

Basic workflow

Using Coverity on Polaris to analyze your code through Jenkins involves the following basic steps:

  1. Ensure that you satisfy the requirements.
  2. Install the Coverity on Polaris plug-in in Jenkins.
  3. Configure credentials for Coverity on Polaris and any environment variables.
  4. Configure the Coverity on Polaris CLI in Jenkins.
  5. Configure a connection to your Coverity on Polaris instance in Jenkins.
  6. Provide Coverity on Polaris arguments in a freestyle or pipeline job to run against a build.
  7. Examine the analysis results.