CLI commands

The CLI offers a command line help guide with the --h or --help option. The help guide displays the following commands you can use to understand more about Contrast configuration, applications, and vulnerabilities.

In the following examples, replace <string> or <level> with the value that applies to your particular situation.

Command

Description

--yamlPath <string>

The path to display parameters from the YAML file (optional)

--cli_api_key <string>

An agent API key provided by Contrast (required)

--cli_authorization <string>

Agent authorization credentials provided by Contrast (required)

--cli_organization_id <string>

The ID of your organization in Contrast (required)

--cli_application_id <string>

The ID of the application cataloged by Contrast (required)

--cli_application_name <string>

The name of the application cataloged by Contrast (optional)

--cli_catalogue_application

Catalog an application (required for catalogue)

--cli_language <string>

Application language, such as JAVA, NODE, PYTHON, RUBY. Provide this when cataloging an application. (required for catalogue)

--cli_app_groups <string>

Assigns your application to one or more pre-existing groups when using the catalogue command. Group lists should be comma separated. (optional for catalogue)

--cli_proxy <string>

Allows for connection over a proxy server. If authentication is required, provide the username and password with the protocol, host and port. For example, http://username:password@<host>:<port>. (optional)

--cli_host <string>

The name of the host and, optionally, the port expressed as <host>:<port>. Does not include the protocol section of the URL (https://). Defaults to app.contrastsecurity.com . (optional)

Only HTTPS connections are supported at this time.

--cli_project_path <string>

The directory root of a project/application that you want to analyze. Defaults to the current directory. (optional)

--cve_severity <level>

Combined with --report, allows the user to report vulnerabilities above a chosen severity level. For example, cve_severity medium only reports vulnerabilities at Medium or higher severity.

--fail

Fails the build if any vulnerabilities are found. Can be used in combination with cve_severity to fail builds with vulnerabilities at severity levels defined by the user.

--report

Shows a report of vulnerabilities in the application from compile time.

--silent

Silences JSON output. (optional)

-v, --version

Displays the CLI version you are currently using.

-h, --help

Displays the help guide.

Note

Parameters in these commands may need to be quoted to avoid issues with special characters. For example

--cli_application_name = "My_app_name_$+=(/\"