- On the Polarion side:
  - You have a Siemens Polarion account and project.
  - You have a Polarion API token.
- On the Sigrid side:
  - You have a Sigrid user account.
  - You have created an authentication token for using Sigrid CI.
You will first need to add Sigrid CI to your project's pipeline, so that your code is automatically published to Sigrid after every commit. Sigrid CI supports multiple development platforms, so you can follow the instructions for your platform. Once Sigrid CI is enabled in your pipeline, your project will be automatically on-boarded to Sigrid when you run it for the first time. Once you have done this you should be able to see your project when you check sigrid-says.com.
You will need to create a scope configuration file for your system and add it to your repository. You might have already done this previously when you on-boarded your project to Sigrid. Open your `sigrid.yaml` configuration file. The file might look something like this:
```yaml
component_depth: 1
languages:
  - "python"
dependencychecker:
  blacklist:
    - "NONE"
```
You will be adding a `polarion` section to this file. This will enable the integration between Sigrid and Polarion, which means that both Sigrid and Polarion will be updated whenever you publish your source code. This section supports the following options:
Option | Required | Description |
---|---|---|
`project` | Yes | Your Polarion project ID. |
`url` | Yes | The base URL of your Polarion instance. |
`system_work_item_id` | No | Optional parent work item ID. Sigrid's work items will be nested below this. |
After adding these options, your configuration file might look something like this:
```yaml
component_depth: 1
languages:
  - "python"
dependencychecker:
  blacklist:
    - "NONE"
polarion:
  project: test
  url: "https://my-polarion.my-company.com"
```
Since your updated configuration file is part of your repository, it will be picked up automatically the next time you publish your source code to Sigrid.
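A check you could run before committing, to catch a misconfigured `polarion` section. This is an added example, not part of Sigrid's documentation or tooling. It takes the already-parsed `sigrid.yaml` mapping; the function name, the HTTPS requirement, and the sample values are assumptions.

```python
from urllib.parse import urlsplit

REQUIRED = ("project", "url")
OPTIONAL = ("system_work_item_id",)

def check_polarion_section(config):
    """Return a list of problems found in the parsed sigrid.yaml mapping."""
    section = config.get("polarion")
    if not isinstance(section, dict):
        return ["polarion: section is missing or is not a mapping"]
    problems = []
    for key in REQUIRED:
        if section.get(key) in (None, ""):
            problems.append(f"polarion.{key}: required option is missing or empty")
    # Options outside the documented table are usually typos.
    for key in section:
        if key not in REQUIRED + OPTIONAL:
            problems.append(f"polarion.{key}: not a documented option")
    if "system_work_item_id" in section and section["system_work_item_id"] in (None, ""):
        problems.append("polarion.system_work_item_id: present but empty")
    url = section.get("url")
    if isinstance(url, str) and url:
        parts = urlsplit(url)
        # Assumption (local policy, not a Sigrid rule): require HTTPS.
        if parts.scheme != "https" or not parts.hostname:
            problems.append("polarion.url: expected an https:// base URL with a host")
        # sigrid.yaml is committed, so credentials must never be embedded here.
        if parts.username or parts.password:
            problems.append("polarion.url: contains embedded credentials")
        if parts.query or parts.fragment:
            problems.append("polarion.url: base URL should not carry a query or fragment")
    elif url not in (None, ""):
        problems.append("polarion.url: must be a string")
    return problems

# Constructed samples: the page's example as a parsed mapping, and a broken variant.
GOOD = {"component_depth": 1, "languages": ["python"],
        "dependencychecker": {"blacklist": ["NONE"]},
        "polarion": {"project": "test", "url": "https://my-polarion.my-company.com"}}
BAD = {"polarion": {"url": "http://user:secret@my-polarion.my-company.com",
                    "system_workitem_id": "WI-1"}}  # misspelled key, constructed ID

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_polarion_section(cfg) or "ok")
```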
In Polarion, you can access Sigrid's Open Source Health data from the "work items" menu. Sigrid will create or update work items with the type SBOM Component and SBOM Vulnerability.
The detail page for these work items will provide you with the combination of all data resulting from Sigrid's analysis, plus all life cycle management and workflow options provided by Polarion.
Feel free to contact SIG's support department for any questions or issues you may have after reading this document, or when using Sigrid or Sigrid CI. Users in Europe can also contact us by phone at +31 20 314 0953.