Accelerate application code fixes with AI-powered Polaris Assist

We're excited to announce the availability of Polaris Assist, our AI-powered application security assistant that combines decades of real-world insights with a powerful large language model (LLM). Polaris Assist gives security and development teams easy-to-understand summaries of detected vulnerabilities and code fix recommendations to help them build secure software faster.

Understanding challenges to developer productivity

Almost every organization is working to increase development velocity to keep pace with their competitors and evolving market needs. Despite the improvements brought by modern DevOps practices and application frameworks, this is an uphill battle due to an ever-growing list of applications that need to be maintained, conflicting requests for developers’ time, and a seemingly endless list of potential security threats.

And while most developers are tasked with meeting KPIs related to velocity and application reliability, efforts to “shift security left” mean they’re now being asked to ensure that these apps are free of critical vulnerabilities as well. As applications become more complex, the backlog of issues to be resolved becomes unwieldy, and developer productivity goals become even more difficult to achieve.

Simplifying issue resolution

To keep up, development teams need to augment their existing security tools with a better way to quickly understand the list of vulnerabilities and resolve them without involving their security team. Oftentimes, many similar vulnerabilities are identified in an application, and developers would benefit greatly from having an automated way to resolve them quickly, so they can focus on delivering value. According to Gartner, organizations that automate their security activities experience an estimated 15% improvement in meeting both security and delivery targets.

Streamlining application security with Polaris Assist

To help reduce the burden and accelerate developer productivity, Black Duck recently introduced Polaris Assist, a virtual assistant that harnesses the power of generative AI to help security and development teams simplify and streamline application security. Polaris Assist includes two features to help developers resolve issues faster.

• Polaris AI issue summaries make it easier for developers to interpret and act on the findings from static analysis tests. These brief summaries include remediation guidance in the context of the code the developer is working on, which can be particularly helpful when working with code they didn’t write or frameworks they’re not familiar with. 
• Polaris AI fix suggestions help developers dramatically reduce the time it takes to fix security defects by providing AI-generated code fixes that they can simply copy and paste into their code. This enables developers to quickly review and implement code fixes without needing to become security experts.

Figure 1: Polaris Assist provides easy-to-understand explanations of vulnerabilities  
and how to resolve them

These two Polaris Assist features help minimize time-consuming AppSec activities, so developers can spend less time dealing with security issues and more time innovating.

Bringing generative AI to more Black Duck products

Polaris Assist helps enterprises produce more secure software at the speed their business demands. And Polaris AI issue summaries and fix suggestions are just the beginning; we’ll be integrating more Polaris Assist capabilities into other Black Duck products in the future. By combining the power of our market-leading AppSec engines with generative AI, developers and security teams will be able to ship more secure software faster to provide the innovation their business needs.

-This blog was reviewed by Patrick Carey.