Integration with Polaris Platform (SaaS)

This article covers the steps required to integrate your Phoenix Security account with Polaris Platform, for which you have the required credentials.

Prerequisites

– In order to create a new scanner integration you should have access to the platform as an Org Admin user.
– To connect your account to Polaris Platform you need to have your API key.(see below)

API Client Credentials

In order to integrate with Polaris Platform, you’ll need a set of API Client credentials. The following steps guide you through the credentials creation process.

1. To create your API Client credentials, log into your Polaris account and on the top right side of the page, click on your profile name, then select Account->Access Tokens->Create New Token.

2. Enter a name for the token,e.g. Phoenix integration (limit is 255 characters). Then click Save.

3. Copy the token and store it in a safe place.

4. After you have clicked save to confirm the API configuration, you must save the API key secret as this will be the last time it is available to see. You should now have the following details needed to create the integration on the Phoenix platform:
   • API Secret – displayed immediateley once a key has been created.

Create a Polaris Platform Scanner Integration

1. On the sidebar menu, navigate to the Scanners tab in the Integrations section.

2. Scroll down to SAST scanners and hover your mouse over the Polaris Platform scanner template. Then click on the template to add the scanner.

3. On the next step of the process, enter the credentials created in the first part of this guide.
   • Scanner Name: The name of the scanner to appear on Phoenix platform.
   • Server URL: The API Root URL for your data centre – it will default to the correct URL so can be left empty.
   • Client Secret: Should have been saved from earlier, if not a new key will nedd to be created.

4. Click on the ‘Create’ button
5. Select whether to fetch vulnerabilities from all repositories accessible to the Access Token, or to choose which ones to include or exclude. Also, configure a deletion period for missing targets to be deleted after a certain number of days.

6. Then click on “Save” to complete the process.

Unless there are issues with the credentials, the new scanner will appear in your list of integrations (under Integrations > Scanners) and the platform will start to collect asset and vulnerability details from the selected repositories (available through the choose targets to fetch section).

All the scanner’s assets and vulnerabilities will be automatically added to your account’s Default Application, and will be available to start assigning them to user-created Applications as required.