Skip to main content

icon-developers.png Integration options for continuous integration/continuous delivery

Contrast provides options for integrating Contrast with your continuous integration/continuous delivery (CI/CD) pipelines. If you are not responsible for CI/CD automation. discuss these options with your DevOps team.

Option

Description

Azure Pipelines extension

Use the Azure Pipelines extension to configure tasks and release gates that can fail based on vulnerability information that Contrast reports.

Bamboo

The Contrast Bamboo plugin lets you configure profiles for connecting to Contrast and verify builds against vulnerability thresholds.

Circle CI

The Contrast Circle CI orb lets you query the Contrast API to check if vulnerabilities were found in your application. If vulnerabilities are found above a set threshold, you can fail the build.

GitHub

Add a step to a GitHub pipeline which acts as a security gate, based on results that Contrast reports. You can configure a Job Outcome Policy or a threshold to specify which vulnerabilities trigger the pipeline to fail.

GitLab

You can create a stage within a GitLab pipeline which acts as a security gate, based on results that Contrast reports. You can configure GitLab variables that specify which vulnerabilities trigger the stage to fail.

Gradle

The Contrast Gradle plugin lets you integrate the Contrast.jar file with your build. It's capable of authenticating to Contrast, downloading the latest Java agent, and verifying your builds.

Jenkins

The Contrast plugin for Jenkins lets you add application security gates to this pipeline. These gates contain criteria that can fail the Jenkins job for a vulnerable application with a build result like Failure or Unstable.

Maven

The Contrast Maven plugin can integrate Contrast Assess and Scan into your project's Maven build.