CLI installation prerequisites


Node.js must be installed prior to using the Contrast CLI. The CLI is executed as a Node.js package. Versions 10, 12, and 14 are currently supported. For installation information, refer to the Node.js documentation.

Instrument an application

The Contrast CLI may be used to create new application instances within the Contrast server. However, the CLI is typically used to supplement pre-existing applications - those which have been created and instrumented by the appropriate Contrast agent.

Pre-existing applications that have been fully instrumented at runtime by a Contrast agent include a rich set of vulnerability and library data within Contrast. For information on how to instrument your application with a Contrast agent:

Proxy requirements

Use the cli_proxy property for communication with Contrast over a proxy. If authentication is required, provide the username and password with the protocol, host and port. For example, http://username:password@<host>:<port>.

Source code requirements

Source code for target applications must be available locally:

  • Java applications must have a pom.xml file present and have Maven installed, including the dependency plugin. For a Gradle project, use build.gradle.


    Running mvn dependency:tree locally in the project directory must be successful. Gradle version 6 is supported.

  • .NET and .NET Core applications must have one .csproj file and one package.lock.json file present.

  • Node applications must have either a package-lock.json or a .yarn.lock file present.

  • Python applications must have the pipfile and pipfile.lock files present.

  • Ruby applications must have gemfile and gemfile.lock files present.


Only single language applications are supported at this time.