Black Duck has expanded the integration capabilities of its Polaris Platform to help enterprises embed automated, frictionless application security across large, complex development environments. The update introduces enhanced, native integrations with leading source code management (SCM) platforms, including GitHub, GitLab, Azure DevOps, and Bitbucket. The move is designed to support enterprises that manage hundreds or thousands of repositories across globally distributed teams.
Addressing Scale and AI-Driven Development
As organisations contend with growing volumes of both human- and AI-generated code, security leaders are under pressure to close coverage gaps caused by manual onboarding and fragmented tooling. According to Black Duck, the enhanced Polaris integrations automate repository onboarding, continuous monitoring, and event-based scanning, reducing administrative burden while maintaining consistent coverage across fast-changing codebases.
The Polaris Platform is delivered as a software-as-a-service application security solution that combines static application security testing (SAST), software composition analysis (SCA), and dynamic application security testing (DAST). The latest updates are focused on simplifying how these capabilities are deployed and managed at scale.
Unified, Native Integration
Unlike scripted add-ons, the integrations are natively built into the Polaris Platform, providing a consistent security experience across multiple SCM environments. Enterprises operating hybrid or multi-platform development strategies can apply policies and automation uniformly, regardless of where code resides.
Organisations can automatically onboard and continuously synchronise thousands of repositories without manual configuration. Structural changes, such as new repositories, renamed projects, or branch creation, are detected automatically to ensure coverage remains current.
Security Embedded in Developer Workflows
A key focus of the update is shifting security further left in the software development lifecycle (SDLC). Polaris scans can be triggered automatically when pull requests are created or updated, or prior to merge. Findings are surfaced directly within pull requests, enabling developers to address vulnerabilities without leaving their workflow.
The integrations also extend to the developer desktop. Black Duck’s Code Sight IDE plugin enables scans to run during coding, while Black Duck Signal applies AI-powered analysis within IDEs or CI/CD pipelines. Combined with AI-driven remediation guidance, developers receive immediate, contextual feedback designed to reduce rework later in the lifecycle.
Enterprises can choose between deep, comprehensive scans and rapid analysis modes depending on workflow context, balancing speed with depth of inspection.
Centralised Policy and User Management
The update also introduces simplified enterprise-wide governance. Security policies and guardrails can be enabled instantly across repositories, while user roles and access controls synchronise automatically with SCM platforms. Black Duck says this reduces time to value and ensures consistent enforcement at scale.
Commenting on the announcement, Dipto Chakravarty, Chief Product and Technology Officer at Black Duck, said enterprises are increasingly orchestrating software projects across vast numbers of repositories as they accelerate AI adoption. “Development and security teams need application security that is integrated, automated, and frictionless across their platforms and code repositories,” he said. “No other solution combines the breadth of SCM platform support with universal event and policy-based automation, and the depth of analysis and agentic AI scalability provided by the Black Duck Polaris Platform.”




