Configure an agent
When you install an agent, you must configure it so that it recognizes your application and can communicate information back to Contrast.
Configuration follows this order of precedence.
Note
An expired license or exceeding a license quota disables all agent behavior regardless of configuration.
Steps
Configure the required authentication variables (you can find them in Contrast).
api: url: https://app.contrastsecurity.com user_name: contrast_user api_key: demo service_key: demo
where:
url: Address of the Contrast installation you would like your agent to report to. Defaults to: https://app.contrastsecurity.com
user_name: Contrast user account (in most cases your login ID)
api_key: Your organization's API key
service_key: Contrast user account service key
You can set these authentication variables with either:
Environment variables.
YAML configuration file.
You can download a YAML configuration file that is pre-populated with your organization keys. Select Add new in the Contrast web interface, select the Application card, and choose your application language to find a download link.
You can also configure the file with the Contrast agent configuration editor with the Open YAML Editor link.
Other methods native to the language and tools you are using, such as system properties or command line flags. Refer to the individual documentation pages for more details.
Note
See the Contrast agent configuration editor to view a full list of options and their default values.
Configure any additional variables.
Use session metadata to filter vulnerabilities and route information for a specific branch, build, committer, or repository.
Use custom metadata to filter applications by custom values.
When you add the necessary configuration settings to your agent configuration file, the agent reports this information along with the rest of your standard vulnerability data to Contrast. Look here for the full list of configuration values and what they do beyond the necessary values described above.