Build & CI Tool Integrations

CI Plugin and Action Support

• Use the Black Duck Security Scan Action for GitHub Actions, and equivalent scan extensions for Azure DevOps, Bitbucket, and Jenkins to seamlessly trigger scans during builds.

• Integrate using the Bridge CLI, which connects to Polaris, Black Duck SCA, Coverity SAST, or Software Risk Manager to automate scans from any CI pipeline.

Policy-Based Build Enforcement

• Define rules that automatically fail builds or pull requests based on severity thresholds, license policy violations, or high-risk findings—ensuring code doesn’t progress unless it meets your AppSec standards.

• Scan results can generate alerts and comments directly within pull requests or CI dashboards.

Automation, Visibility, and Governance

• Integrate with CI pipelines like GitLab CI, Jenkins, CircleCI, Azure DevOps, and Bitbucket to enforce scanning consistently across projects and branches.

• View scan outcomes and risk insights via your developer portal or pipeline dashboard for immediate feedback and action.