Black Duck Polaris Platform
Black Duck Polaris Platform is a cloud-based application security solution for detecting and managing software vulnerabilities through integrated code scans and security analysis. You can bring application, open source finding, and static code finding data from Black Duck into Brinqa to centralize your organization's attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Black Duck Polaris Platform and how to obtain that information from Black Duck. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Black Duck Polaris Platform from the Connector drop-down list. You must provide the following information to authenticate Black Duck Polaris Platform with Brinqa:
- Service URL: The Black Duck Polaris API URL. The default URL is https://polaris.blackduck.com.
- API Key: The access token associated with the user or service account for Polaris, which must have permissions to log in to the API server and return data.
Generate a Polaris access token
For the Black Duck Polaris Platform connector to use the Polaris APIs, you must provide an access token. Since Black Duck prohibits retrieving access tokens for existing users, you'll need to generate a new one. To do so, follow these steps:
- Log in to your organization's Black Duck Polaris Platform account.
- Open your user profile and select Account.
- Click Access Tokens, and then Create New Token.
- Provide a name for the API token and click Save.
  The new API token displays. You cannot view the token again. Copy the token and save it in a secure location.
If you do not have the permissions to create an API token, contact your Black Duck Polaris Platform administrator. For additional information, see Black Duck documentation.
(Optional) Create a service account for Black Duck Polaris Platform
In addition to creating an access token from a user account, you can also create a service account for Polaris and assign it a global or application-level role. A service account is a dedicated account that is used for automated processes and integrations, such as the Black Duck Polaris Platform connector. Service accounts have their own set of tokens that can be used for authentication. For additional information, see Black Duck documentation on how to create a service account for Polaris.
Additional settings
The Black Duck Polaris Platform connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
- Parallel requests: The maximum number of parallel API requests. The default setting is 4.
- Maximum retries: The maximum number of times that the integration attempts to connect to the Polaris API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The Black Duck Polaris Platform connector can retrieve the following types of data from the Black Duck Polaris API:
Table 1: Data retrieved from Black Duck Polaris Platform
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Application | Yes | Application |
| Open Source Finding | Yes | Open Source Finding |
| Open Source Finding Definition | Yes | Open Source Finding Definition |
| Project | Yes | Code Project |
| Static Code Finding | Yes | Static Code Finding |
| Static Code Finding Definition | Yes | Static Code Finding Definition |
For detailed steps on how to view the data retrieved from Black Duck Polaris Platform in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Application
Table 2: Application attribute mappings
| Source Value | Brinqa Attribute |
|---|---|
| portfolio item createdAt | SOURCE_CREATED_DATE |
| portfolio item description | DESCRIPTION |
| portfolio item id | UID |
| portfolio item inTrash | IN_TRASH |
| portfolio item name (or id if name is empty) | NAME |
| portfolio item portfolioId | PORTFOLIO_ID |
| portfolio item subscriptionTypeUsed | SUBSCRIPTION_TYPE_USED |
| portfolio item updatedAt | SOURCE_LAST_MODIFIED |
Black Duck Polaris Platform refers to Portfolio items as applications and Portfolio subitems as projects.
Open Source Finding
Table 3: Open Source Finding attribute mappings
| Source Value | Brinqa Attribute |
|---|---|
| application id | APPLICATION |
| branch id | BRANCH_ID |
| context.date | TESTED_ON |
| context.tenantId | TENANT_ID |
| context.toolId | TOOL_ID |
| context.toolType | TOOL_TYPE |
| issueProperties.component-id | COMPONENT_ID |
| issueProperties.component-name | COMPONENT |
| issueProperties.component-version-id | COMPONENT_VERSION_ID |
| issueProperties.component-version-name | COMPONENT_VERSION |
| issueProperties.cwe | CWE_IDS, WEAKNESSES |
| issueProperties.description | DESCRIPTION |
| issueProperties.location | FILE_NAME |
| issueProperties.severity | SOURCE_SEVERITY |
| issueProperties.vulnerability-id | CVE_IDS, CVE_RECORDS |
| issueProperties.workaround | WORKAROUND |
| issueProperties.entrySet().stream | ISSUE_PROPERTIES |
| issueResource.firstDetectedOn | FIRST_FOUND |
| issueResource.id | ISSUE_ID, NAME |
| issueTypeId | ISSUE_TYPE_ID |
| MD5 of (issueResource.id, project id) | UID |
| MD5 of (issueTypeId, cveId) | TYPE |
| normalized issueProperties.severity | SEVERITY |
| normalizedStatus | SOURCE_STATUS, STATUS |
| other-branch id | OTHER_BRANCH_IDS |
| project id | PROJECT |
| concatenated summary of all component information | RESULTS |
| score from normalized issueProperties.severity | SEVERITY_SCORE |
| status category from normalizedStatus | STATUS_CATEGORY |
| targets | TARGETS |
| test id | TEST_ID |
| triageProperties.entrySet().stream | TRIAGE_PROPERTIES |
| triageProperties.dismissal-reason | DISMISSAL_REASON |
| triageProperties.is-dismissed | DISMISSED |
| triageProperties.status | PROVIDER_STATUS |
Open Source Finding Definition
Table 4: Open Source Finding Definition attribute mappings
| Source Value | Brinqa Attribute |
|---|---|
| description from localized details or issueProperties.description | DESCRIPTION |
| issueProperties.cwe | CWE_IDS |
| issueProperties.severity | SOURCE_SEVERITY |
| issueProperties.vulnerability-id | CVE_IDS, VULNERABILITY_ID, CVE_RECORDS |
| issueProperties.vulnerability-source | VULNERABILITY_SOURCE |
| issueProperties.overall-score | OVERALL_SCORE |
| issueProperties.linked-vulnerability-id | LINKED_VULNERABILITY_ID |
| issueResource.weaknessId | WEAKNESSES |
| issueType.id | ISSUE_TYPE_ID |
| issueType.name | ISSUE_TYPE_NAME |
| issueType.name localized | CATEGORIES, ISSUE_TYPE_LOCALIZED_NAME |
| normalized issueProperties.severity | SEVERITY |
| remediation from localized details or issueProperties.solution | REMEDIATION |
| score from normalized finding severity | SEVERITY_SCORE |
| subcategory from localized details | SUBCATEGORY |
| uid | NAME, UID |
Project
Table 5: Project attribute mappings
| Source Value | Brinqa Attribute |
|---|---|
| portfolio subitem createdAt | SOURCE_CREATED_DATE |
| portfolio subitem description | DESCRIPTION |
| portfolio subitem id | UID |
| portfolio subitem inTrash | IN_TRASH |
| portfolio subitem name (or id if name is empty) | NAME |
| portfolio subitem portfolioItemId | APPLICATION |
| portfolio subitem updatedAt | SOURCE_LAST_MODIFIED |
Black Duck Polaris Platform refers to Portfolio items as applications and Portfolio subitems as projects.
Static Code Finding
Table 6: Static Code Finding attribute mappings
| Source Value | Brinqa Attribute |
|---|---|
| application id | APPLICATION |
| branch id | BRANCH_ID |
| context.date | TESTED_ON |
| context.tenantId | TENANT_ID |
| context.toolId | TOOL_ID |
| context.toolType | TOOL_TYPE |
| issueProperties.coverity-events | COVERITY_EVENTS |
| issueProperties.cwe | CWE_IDS, WEAKNESSES |
| issueProperties.description | DESCRIPTION |
| issueProperties.filename | FILENAME |
| issueProperties.language | LANGUAGE |
| issueProperties.line-number | LINE_NUMBER |
| issueProperties.local-effect | LOCAL_EFFECT |
| issueProperties.location | FILE_NAME, LOCATION |
| issueProperties.severity | SOURCE_SEVERITY |
| issueProperties.vulnerability-id | CVE_IDS, CVE_RECORDS |
| issueProperties.workaround | WORKAROUND |
| issueProperties.entrySet().stream | ISSUE_PROPERTIES |
| issueResource.firstDetectedOn | FIRST_FOUND |
| issueResource.id | ISSUE_ID, NAME |
| issueTypeId | ISSUE_TYPE_ID |
| MD5 of (issueResource.id, project id) | UID |
| MD5 of (issueTypeId, cveId) | TYPE |
| normalized issueProperties.severity | SEVERITY |
| normalizedStatus | SOURCE_STATUS, STATUS |
| other-branch id | OTHER_BRANCH_IDS |
| project id | PROJECT |
| concatenated summary of all code information | RESULTS |
| score from normalized issueProperties.severity | SEVERITY_SCORE |
| status category from normalizedStatus | STATUS_CATEGORY |
| targets | TARGETS |
| test id | TEST_ID |
| triageProperties.entrySet().stream | TRIAGE_PROPERTIES |
| triageProperties.dismissal-reason | DISMISSAL_REASON |
| triageProperties.is-dismissed | DISMISSED |
| triageProperties.status | PROVIDER_STATUS |
Static Code Finding Definition
Table 7: Static Code Finding Definition attribute mappings
| Source Value | Brinqa Attribute |
|---|---|
| description from localized details or issueProperties.description | DESCRIPTION |
| issueProperties.cwe | CWE_IDS |
| issueProperties.severity | SOURCE_SEVERITY |
| issueProperties.vulnerability-id | CVE_IDS |
| issueResource.weaknessId | WEAKNESSES |
| issueType.id | ISSUE_TYPE_ID |
| issueType.name | ISSUE_TYPE_NAME |
| issueType.name localized | CATEGORIES, ISSUE_TYPE_LOCALIZED_NAME |
| normalized issueProperties.severity | SEVERITY |
| remediation from localized details or issueProperties.solution | REMEDIATION |
| score from normalized finding severity | SEVERITY_SCORE |
| subcategory from localized details | SUBCATEGORY |
| uid | NAME, UID |
Operation options
The Black Duck Polaris Platform connector supports the following operation options. See connector operation options for information about how to apply them.
Table 8: Black Duck Polaris Platform connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Open Source Finding | severity | low, medium, high, critical | A comma-separated list of finding severities. Retrieve open source findings based on the specified severity as determined by Black Duck. | Key: severity Value: high,critical. This key and value combination only retrieves open source findings with a severity of high or critical. |
| Open Source Finding | status | not-dismissed, to-be-fixed, dismissed | A comma-separated list of finding statuses. Retrieve open source findings based on the specified status as determined by Black Duck. | Key: status Value: not-dismissed. This key and value combination only retrieves open source findings with a status of not-dismissed. |
| Open Source Finding Definition | severity | low, medium, high, critical | A comma-separated list of finding severities. Retrieve type data for open source findings based on the specified severity as determined by Black Duck. | Key: severity Value: high,critical. This key and value combination only retrieves type data for open source findings with a severity of high or critical. |
| Open Source Finding Definition | status | not-dismissed, to-be-fixed, dismissed | A comma-separated list of finding statuses. Retrieve type data for open source findings based on the specified status as determined by Black Duck. | Key: status Value: not-dismissed. This key and value combination only retrieves type data for open source findings with a status of not-dismissed. |
| Static Code Finding | severity | low, medium, high, critical | A comma-separated list of finding severities. Retrieve static code findings based on the specified severity as determined by Black Duck. | Key: severity Value: high,critical. This key and value combination only retrieves static code findings with a severity of high or critical. |
| Static Code Finding | status | not-dismissed, to-be-fixed, dismissed | A comma-separated list of finding statuses. Retrieve static code findings based on the specified status as determined by Black Duck. | Key: status Value: not-dismissed. This key and value combination only retrieves static code findings with a status of not-dismissed. |
| Static Code Finding Definition | severity | low, medium, high, critical | A comma-separated list of finding severities. Retrieve type data for static code findings based on the specified severity as determined by Black Duck. | Key: severity Value: high,critical. This key and value combination only retrieves type data for static code findings with a severity of high or critical. |
| Static Code Finding Definition | status | not-dismissed, to-be-fixed, dismissed | A comma-separated list of finding statuses. Retrieve type data for static code findings based on the specified status as determined by Black Duck. | Key: status Value: not-dismissed. This key and value combination only retrieves type data for static code findings with a status of not-dismissed. |
Option keys and values are case-sensitive. Enter them exactly as they are shown in this documentation.
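A pre-flight check for the operation options in Table 8, given here as an added example that is not part of the Brinqa connector or its documentation. `check_option` is a hypothetical helper, and treating stray whitespace as an error is an assumption based on the documented examples.

```python
# Added example: allowed values copied from Table 8 (same for all four objects).
ALLOWED = {
    "severity": ("low", "medium", "high", "critical"),
    "status": ("not-dismissed", "to-be-fixed", "dismissed"),
}
OBJECTS_WITH_OPTIONS = {
    "Open Source Finding",
    "Open Source Finding Definition",
    "Static Code Finding",
    "Static Code Finding Definition",
}


def check_option(connector_object, key, value):
    """Hypothetical helper: return a list of problems ([] means the pair matches Table 8)."""
    if connector_object not in OBJECTS_WITH_OPTIONS:
        return [f"{connector_object!r} has no operation options in Table 8"]
    if key not in ALLOWED:
        msg = f"unknown key {key!r}"
        if key.lower() in ALLOWED:
            msg += f"; keys are case-sensitive, use {key.lower()!r}"
        return [msg]
    problems, seen = [], set()
    for raw in value.split(","):
        item = raw.strip()
        if item != raw:
            # Assumption: stray spaces are errors; the documented "high,critical" has none.
            problems.append(f"whitespace around {item!r}")
        if not item:
            problems.append("empty list entry")
        elif item not in ALLOWED[key]:
            msg = f"{item!r} is not a valid {key}"
            if item.lower() in ALLOWED[key]:
                msg += f"; values are case-sensitive, use {item.lower()!r}"
            problems.append(msg)
        elif item in seen:
            problems.append(f"duplicate value {item!r}")
        seen.add(item)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real integration.
    for obj, k, v in [
        ("Open Source Finding", "severity", "high,critical"),
        ("Static Code Finding", "Severity", "high"),
        ("Static Code Finding", "status", "Dismissed, to-be-fixed"),
    ]:
        print(obj, k, v, "->", check_option(obj, k, v) or "ok")
```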
APIs
The Black Duck Polaris Platform connector uses the Black Duck Polaris API. Specifically, it uses the following endpoints:
Table 9: Black Duck Polaris API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Application | GET /api/portfolios/{portfolioId}/applications |
| Open Source Finding | GET /api/findings/issues |
| Open Source Finding Definition | GET /api/findings/issues |
| Project | GET /api/portfolios/{portfolioId}/applications/{applicationId}/projects |
| Static Code Finding | GET /api/findings/issues |
| Static Code Finding Definition | GET /api/findings/issues |
Changelog
The Black Duck Polaris Platform connector has undergone the following changes:
This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.
Table 10: Black Duck Polaris Platform connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.2.1 | No change. | November 25th, 2025 |
| 3.2.0 | Initial Integration+ release. | October 17th, 2025 |