Package: Invicti AppSec Enterprise (on-premise, on-demand)
Polaris fAST SCA integration
Invicti AppSec supports Polaris fAST SCA as an SCA (Software Composition Analysis) scanner. This guide explains how to activate and configure the Polaris fAST SCA integration.
Polaris fAST SCA (by Synopsys) is a cloud-based software composition analysis tool that provides fast and accurate identification of open-source components and their associated vulnerabilities. It is part of the Polaris Software Integrity Platform, offering seamless integration with development workflows for continuous open-source risk management.
Prerequisites
Before starting the integration, ensure you have the following information from your Polaris instance:
| Field | Description | Required |
|---|---|---|
| Token | API access token generated from your Polaris platform | Yes |
| URL | Your Polaris instance URL (e.g., https://polaris.yourcompany.com) | Yes |
Get Credentials (on Polaris Side)
- Log in to your Polaris platform.
- Click on your user profile icon in the top-right corner.
- Navigate to API Access Tokens (or Personal Access Tokens).
- Click Create Token or Generate New Token.
- Provide a name for the token and set appropriate permissions.
- Copy the generated token and save it securely.
Get credentials
- Log in to your Polaris platform.
- Go to your profile > API Access Tokens.
- Click Create Token and set appropriate permissions.
- Copy and save the token securely.
Step 1: Navigate to Integrations
From the left sidebar menu, click on Integrations.
Step 2: Select the SCA Tab
On the Integrations page, you will see the Scanners section with multiple tabs. Click on the SCA tab.
Step 3: Find and Activate Polaris fAST SCA
Scroll through the list of SCA scanners to find Polaris fAST SCA.
- If Polaris fAST SCA is not activated, you will see an "Activate" button. Click it to enable the integration.
- If Polaris fAST SCA is already activated, you will see a toggle switch in the ON position and a "Deactivate" button, along with a gear icon for configuration.
The scan method badge on the Polaris fAST SCA card shows KDT, which means scans are triggered through the Kondukto CLI tool (KDT).
Step 4: Configure Connection Settings
Click on the gear icon on the Polaris fAST SCA card to open the configuration panel. Fill in the required fields:
- Token: Paste the API access token you generated from Polaris.
- URL: Enter your Polaris instance URL (e.g.,
https://polaris.yourcompany.com).
Step 5: Test the Connection
Click the "Test Connection" button at the bottom of the configuration panel to verify that the provided credentials and URL are correct.
- If the connection is successful, the integration is ready to use.
- If the connection fails, verify your Token and URL values.
- For existing integrations, you can use the "Retest Connection" button at the top of the panel.
Step 6: Advanced Settings (Optional)
Click on "Advanced Settings" to expand additional options:
| Setting | Description | Default |
|---|---|---|
| Allow team leads to scan this instance | Permits team leads to trigger scans using this Polaris fAST SCA instance | Off |
| Allow team leads to create new instances | Permits team leads to create additional Polaris fAST SCA instances | Off |
After modifying advanced settings, click "Save Advanced Settings" to apply changes.
Summary
| Step | Action |
|---|---|
| 1 | Navigate to Integrations from the sidebar |
| 2 | Select the SCA tab under Scanners |
| 3 | Find Polaris fAST SCA and click Activate (if not already active) |
| 4 | Click the gear icon and fill in Token and URL |
| 5 | Click Test Connection to verify |
| 6 | (Optional) Configure Advanced Settings for team lead permissions |
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center