Black Duck expands Polaris platform with unified, automated security across all major SCMs
Black Duck has announced the availability of a set of enhanced Black Duck Polaris Platform integrations across all major source code management (SCM) platforms, including GitHub, GitLab, Azure DevOps, and Bitbucket. The Polaris Platform is an integrated, software-as-a-service application security platform powered by static application security testing, software composition analysis, and dynamic application security testing engines.
With development teams managing an explosion of human and AI-generated code and increasingly distributed development environments, manual onboarding and fragmented security tools create serious coverage gaps. These enhanced Polaris capabilities enable organizations to achieve unprecedented speed, coverage, and automation in securing their applications at scale.
Designed for enterprises managing hundreds and even thousands of code repositories across globally distributed teams, these integrations simplify onboarding, accelerate scanning workflows, and seamlessly embed security into day-to-day development activities. Together, these enhancements reduce administrative overhead, eliminate manual configuration, and ensure continuous coverage for fast-changing codebases.
Key features and benefits:
- Unified coverage across all major SCMs. Whether teams use GitHub, GitLab, Azure DevOps, Bitbucket, or a mix of all four, the natively built integration with the Polaris Platform provides a consistent, unified security experience, not a scripted add-on.
- Instant onboarding for thousands of repositories. Organizations can automatically onboard and continuously synchronize Polaris with every repository in their SCMs without the need for manual configuration.
- Continuous monitoring of repository changes. New repositories, renamed projects, branch creation, and other structural changes are detected instantly, ensuring security coverage always remains current and complete.
- Trigger scans on key development events. Polaris scans can be triggered automatically when a pull request is created or updated, or before it is merged, allowing developers to catch and fix vulnerabilities during their normal code review process, so that vulnerabilities are addressed earlier in the SDLC.
- Apply AI‑powered application security with Black Duck Signal. Scans can be enabled directly in the IDE or automated through CI/CD, all centrally managed in Polaris. Signal surfaces meaningful security insights in both human‑ and AI‑generated code, helping teams stop vulnerabilities before code is committed.
- Extend security and AI insights directly to the developer’s desktop with Code Sight. This IDE plugin triggers Polaris scans, manually or automatically, while developers code. Combined with Black Duck Assist’s AI‑driven guidance and remediation, developers get immediate, actionable feedback, reducing friction and preventing rework later in the lifecycle.
- Customizable scanning with full or rapid analysis. Teams can choose between deep, comprehensive scanning or rapid analysis based on the context of each workflow.
- Seamless integration into developer workflows. Security findings surface directly inside pull requests, enabling developers to fix issues in real time, without switching tools or breaking flow.
- Instant policy onboarding. Enterprise security policies and guardrails can be enabled with a single click, ensuring consistent enforcement across thousands of repositories.
- Instant user onboarding. Teams, roles, and access controls synchronize automatically, reducing administrative overhead and accelerating time to value.
“Enterprises are orchestrating software projects across hundreds and thousands of source code repositories in the race to adopt AI in production,” said Dipto Chakravarty, Chief Product and Technology Officer at Black Duck. “Development and Security teams need application security that is integrated, automated, and frictionless across their platforms and code repositories. No other solution combines the breadth of SCM platform support with universal event and policy-based automation, and the depth of analysis and agentic AI scalability provided by the Black Duck Polaris Platform. This is a game changer for operating DevSecOps at enterprise scale.”
