Additional configuration
You can set these common variables with system properties, environment variables, a YAML file, or default values.
Additional configuration values set with environment variables
Use these common variables to configure your system.
See the Contrast YAML Configuration Editor for a complete list as this can be updated with language-specific and advanced settings.
Environment variable | Description | Language |
---|---|---|
CONTRAST__API__TOKEN | Set these values needed to communicate with Contrast: URL, API key, service key, and user name. This variable is the preferred method for setting the authentication credentials. | Latest versions of Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__API__URL | Set the URL for Contrast. | Java, .NET Framework, .NET Core, Node.js, Python, PHP, and Go |
CONTRAST__API__API_KEY | Set the API key needed to communicate with Contrast. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__API__SERVICE_KEY | Set the service key needed to communicate with Contrast. It is used to calculate the Authorization header. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__API__USER_NAME | Set the user name used to communicate with Contrast. It is used to calculate the Authorization header. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__INVENTORY__TAGS | Apply a list of labels to libraries. Labels must be formatted as a comma-delimited list. Example: | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, and PHP |
CONTRAST__ASSESS__TAGS | Apply a list of labels to vulnerabilities and preflight messages. Labels must be formatted as a comma-delimited list. Example: | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__APPLICATION__NAME | Override the reported application name. Note: On Java systems where multiple, distinct applications may be served by a single process, this configuration causes the agent to report all discovered applications as one application with the given name. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__APPLICATION__GROUP | Add the name of the application group with which this application should be associated in Contrast. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__APPLICATION__CODE | Add the application code this application should use in Contrast. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__APPLICATION__VERSION | Override the reported application version. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__APPLICATION__TAGS | Apply labels to an application. Labels must be formatted as a comma-delimited list. Example: | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__SERVER__NAME | Override the reported server name. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__SERVER__ENVIRONMENT | Override the reported server environment. Valid values include | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
CONTRAST__SERVER__TAGS | Apply a list of labels to the server. Labels must be formatted as a comma-delimited list. Example: | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
Additional configuration values set by web.config
If you use .NET Framework or .NET Core with any of the following, you will also need to configure these variables.
Web.config (.NET Core IIS Module):

```xml
<environmentVariable name="CONTRAST__API__URL" value="https://app.contrastsecurity.com/Contrast/" />
<environmentVariable name="CONTRAST__API__API_KEY" value="" />
<environmentVariable name="CONTRAST__API__SERVICE_KEY" value="" />
<environmentVariable name="CONTRAST__API__USER_NAME" value="" />
<environmentVariable name="CONTRAST__INVENTORY__TAGS" value="" />
<environmentVariable name="CONTRAST__ASSESS__TAGS" value="" />
<environmentVariable name="CONTRAST__APPLICATION__NAME" value="" />
<environmentVariable name="CONTRAST__APPLICATION__GROUP" value="" />
<environmentVariable name="CONTRAST__APPLICATION__CODE" value="" />
<environmentVariable name="CONTRAST__APPLICATION__VERSION" value="" />
<environmentVariable name="CONTRAST__APPLICATION__TAGS" value="" />
<environmentVariable name="CONTRAST__APPLICATION__METADATA" value="" />
<environmentVariable name="CONTRAST__APPLICATION__SESSION_ID" value="" />
<environmentVariable name="CONTRAST__APPLICATION__SESSION_METADATA" value="" />
<environmentVariable name="CONTRAST__SERVER__NAME" value="localhost" />
<environmentVariable name="CONTRAST__SERVER__ENVIRONMENT" value="development" />
<environmentVariable name="CONTRAST__SERVER__TAGS" value="" />
```

Azure App Service:

```json
[
  { "name": "CONTRAST__API__URL", "value": "https://app.contrastsecurity.com/Contrast/" },
  { "name": "CONTRAST__API__API_KEY", "value": "" },
  { "name": "CONTRAST__API__SERVICE_KEY", "value": "" },
  { "name": "CONTRAST__API__USER_NAME", "value": "" },
  { "name": "CONTRAST__INVENTORY__TAGS", "value": "" },
  { "name": "CONTRAST__ASSESS__TAGS", "value": "" },
  { "name": "CONTRAST__APPLICATION__NAME", "value": "" },
  { "name": "CONTRAST__APPLICATION__GROUP", "value": "" },
  { "name": "CONTRAST__APPLICATION__CODE", "value": "" },
  { "name": "CONTRAST__APPLICATION__VERSION", "value": "" },
  { "name": "CONTRAST__APPLICATION__TAGS", "value": "" },
  { "name": "CONTRAST__APPLICATION__METADATA", "value": "" },
  { "name": "CONTRAST__APPLICATION__SESSION_ID", "value": "" },
  { "name": "CONTRAST__APPLICATION__SESSION_METADATA", "value": "" },
  { "name": "CONTRAST__SERVER__NAME", "value": "localhost" },
  { "name": "CONTRAST__SERVER__ENVIRONMENT", "value": "development" },
  { "name": "CONTRAST__SERVER__TAGS", "value": "" }
]
```
Additional configuration values set by system properties
Configuration value | Languages |
---|---|
-Dcontrast.api.url | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.api.api_key | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.api.service_key | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.api.user_name | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.inventory.tags | Java, .NET Framework, .NET Core, Node.js, PHP, Python, and Ruby |
-Dcontrast.assess.tags | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.application.name | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.application.group | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.application.code | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.application.version | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.application.tags | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.server.name | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.server.environment | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
-Dcontrast.server.tags | Java, .NET Framework, .NET Core, Node.js, PHP, Python, Ruby, and Go |
Additional configuration values set in the YAML
Use the YAML to set these additional configuration values.
Property | Description | Languages |
---|---|---|
contrast.api.url | Set the URL for Contrast. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.api.api_key | Set the API key needed to communicate with Contrast. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.api.service_key | Set the service key needed to communicate with Contrast. It is used to calculate the Authorization header. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.api.user_name | Set the user name used to communicate with Contrast. It is used to calculate the Authorization header. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.inventory.tags | Apply a list of labels to libraries. Labels must be formatted as a comma-delimited list. Example: label1, label2, label3. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, and PHP |
contrast.assess.tags | Apply a list of labels to vulnerabilities and preflight messages. Labels must be formatted as a comma-delimited list. Example: label1, label2, label3. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.application.name | Override the reported application name. Note: On Java systems where multiple, distinct applications may be served by a single process, this configuration causes the agent to report all discovered applications as one application with the given name. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.application.group | Add the name of the application group with which this application should be associated in Contrast. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.application.code | Add the application code this application should use in Contrast. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.application.metadata | Define a set of | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.application.session_id | Provide the ID of a session that already exists in Contrast. Vulnerabilities discovered by the agent are associated with this session. If an invalid ID is supplied, the agent will be disabled. This option and | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.application.session_metadata | Provide metadata that is used to create a new session ID in Contrast. Vulnerabilities discovered by the agent are associated with this new session. This value should be formatted as | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.application.version | Override the reported application version. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.application.tags | Apply labels to an application. Labels must be formatted as a comma-delimited list. Example: label1, label2, label3. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.server.name | Override the reported server name. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.server.environment | Override the reported server environment. Valid values include QA, PRODUCTION and DEVELOPMENT. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
contrast.server.tags | Apply a list of labels to the server. Labels must be formatted as a comma-delimited list. Example: label1, label2, label3. | Java, .NET Framework, .NET Core, Node.js, Python, Ruby, PHP, and Go |
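A pre-deployment check for the settings in the tables above, as an added example that is not Contrast's own code: it maps environment variable names to their YAML property form and flags missing credentials, an unrecognized server environment, and malformed tag lists, with secret values redacted from the result. The function names, the finding texts, the https requirement, and the rule that a token alone is sufficient are assumptions.

```python
# Added example: names and checks below are illustrative, not Contrast agent code.
CREDENTIALS = ("api.url", "api.api_key", "api.service_key", "api.user_name")
SECRETS = {"api.token", "api.api_key", "api.service_key"}
TAG_KEYS = {"inventory.tags", "assess.tags", "application.tags", "server.tags"}
ENVIRONMENTS = {"QA", "PRODUCTION", "DEVELOPMENT"}  # valid values from the YAML table

def env_to_property(name):
    """CONTRAST__API__API_KEY -> contrast.api.api_key ('__' separates levels)."""
    return ".".join(part.lower() for part in name.split("__"))

def property_to_env(prop):
    """contrast.api.api_key -> CONTRAST__API__API_KEY."""
    return "__".join(part.upper() for part in prop.split("."))

def audit(environ):
    """Return (redacted settings, findings) for the CONTRAST__* entries."""
    settings = {env_to_property(k)[len("contrast."):]: v
                for k, v in environ.items() if k.startswith("CONTRAST__")}
    findings = []
    # Assumption: a token alone is enough; otherwise all four values are required.
    if not settings.get("api.token"):
        for key in CREDENTIALS:
            if not settings.get(key, "").strip():
                findings.append("missing " + property_to_env("contrast." + key))
    url = settings.get("api.url", "")
    # Assumption: the URL should be https and carry no stray whitespace.
    if url and (url != url.strip() or not url.startswith("https://")):
        findings.append("api.url is not a clean https:// URL")
    env = settings.get("server.environment", "")
    if env and env.upper() not in ENVIRONMENTS:
        findings.append("server.environment is not QA, PRODUCTION or DEVELOPMENT")
    for key in sorted(TAG_KEYS & settings.keys()):
        labels = [label.strip() for label in settings[key].split(",")]
        if settings[key] and not all(labels):
            findings.append(key + " has an empty label in its comma-delimited list")
    redacted = {k: "<redacted>" if k in SECRETS and v else v
                for k, v in settings.items()}
    return redacted, findings

# Constructed sample environment (not real credentials).
SAMPLE = {
    "CONTRAST__API__URL": "https://app.contrastsecurity.com/Contrast/ ",
    "CONTRAST__API__API_KEY": "constructed-api-key",
    "CONTRAST__API__SERVICE_KEY": "",
    "CONTRAST__API__USER_NAME": "agent_user",
    "CONTRAST__SERVER__ENVIRONMENT": "staging",
    "CONTRAST__APPLICATION__TAGS": "label1,,label3",
}
```

Calling `audit(SAMPLE)` returns the redacted settings and four findings; passing `os.environ` instead checks the live process environment.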
Tags and data
Tags
You may want or need to filter either Applications or Servers based on user-defined criteria. In this case, tags may be desired instead of or in addition to metadata. Tags can be applied to an application, server, libraries, and/or vulnerabilities. These tags can help better organize items and improve search in Contrast.
Metadata
Application metadata can be created during agent configuration to help collect data from applications. You can set up fields to identify specific application owners, business units, locations, or other important pieces of information associated with an application.
Session metadata
You may want or need to filter vulnerability data for specific fields of information. When supplied in the agent configuration, the session metadata can be used as a filter in the Application Vulnerability details (not the Vulnerability Tab).
Note
Commonly-used fields include:
Name | Value |
---|---|
Commit Hash | |
Committer | |
Branch Name | |
Git Tag | |
Repository | |
Test Run | |
Version | |
Build Number | |
For more information, see session metadata.