The Synopsys Detect plugin for Azure DevOps (formerly known as Hub Detect) consolidates the functionality of Black Duck™ and Coverity™ on Polaris™ to support Software Composition Analysis (SCA: open source software detection) and Static Application Security Testing (SAST: code analysis). It is architected to seamlessly integrate Synopsys Detect with Azure DevOps build and release pipelines. Synopsys Detect makes it easier to set up and scan code bases using a variety of languages and package managers across different application security techniques.
As a Synopsys and Azure DevOps user, Synopsys Detect Extension for Azure DevOps enables you to: • Run a component scan in an Azure DevOps job: o Create projects and releases in Black Duck through the Azure DevOps job. • After a scan is complete, the results are available on the Black Duck server (for SCA) • After the scan is complete, the results are available on the Coverity on Polaris server (for SAST)
Defect Discovery with Coverity Static Analysis: Identify security & quality defects in your proprietary application using Coverity's market-leading Static Analysis solution. Synopsys Detect only supports Coverity on Polaris.
Open Source Discovery: Rapid scanning and identification of open source libraries, versions, license, and community activity powered by the Black Duck® KnowledgeBase™.
Detect for Azure DevOps is architected to integrate seamlessly with build and release pipelines for both Black Duck and Coverity on Polaris
Using other tools in your CI/CD pipeline such as Jenkins, Artifactory, and others? We have easy to use plugins for the most popular development tools, and REST APIs that allow you to build your own integrations for virtually any commercial or custom development environment. Check out our Integrations page for more information!
Instructions and examples are available on our Public Confluence
For information on the full capabilities of Detect visit Detect Public Confluence
Before calling Detect in TFS or Azure DevOps, an active instance of Black Duck and/or Polaris is required.
If you do not have Black Duck, refer to Azure Marketplace for more information.
Follow the steps to Deploy on Azure for more information on deploying from the Azure Marketplace.
If you do not have Coverity on Polaris, contact us at firstname.lastname@example.org
Want to contribute?
Running into an issue? Want to contribute? All code for this extension is available on Github.