
Configure an agent

When you install an agent, you must configure it so that it recognizes your application and can communicate information back to Contrast.

Configuration follows this order of precedence.


An expired license or an exceeded license quota disables all agent behavior, regardless of configuration.


  1. Configure the required authentication variables (you can find them in Contrast).

      user_name: contrast_user  
      api_key: demo  
      service_key: demo


    • url: Address of the Contrast installation you would like your agent to report to. Defaults to:

    • user_name: Contrast user account (in most cases your login ID)

    • api_key: Your organization's API key

    • service_key: Contrast user account service key

    You can set these authentication variables with either:

    1. Environment variables.

    2. YAML configuration file.

      • You can download a YAML configuration file that is pre-populated with your organization keys. Select Add new in the Contrast web interface, select the Application card, and choose your application language to find a download link.

      • You can also configure the file in the Contrast agent configuration editor, which you open with the Open YAML Editor link.

    3. Other methods native to the language and tools you are using, such as system properties or command line flags. Refer to the individual documentation pages for more details.


    See the Contrast agent configuration editor to view a full list of options and their default values.

  2. Configure any additional variables.

    • Use session metadata to filter vulnerabilities and route information for a specific branch, build, committer, or repository.

    • Use application metadata to filter applications by custom values.

    When you add the necessary configuration settings to your agent configuration file, the agent reports this information along with the rest of your standard vulnerability data to Contrast. Look here for the full list of configuration values and what they do beyond the necessary values described above.
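A pre-deployment check for the four authentication values from step 1, as an added example that is not Contrast's own code. It assumes the values sit under a top-level `api:` mapping in the YAML file and that the environment variables are named `CONTRAST__API__<KEY>`; neither detail is shown on this page, and the sample URL is constructed.

```python
import os
import stat

REQUIRED = ("url", "user_name", "api_key", "service_key")  # the four values listed in step 1
SECRETS = ("api_key", "service_key")

def read_api_block(text):
    """Read direct children of a top-level `api:` mapping (not a full YAML parser)."""
    values, in_api, child_indent = {}, False, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()          # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                                 # a new top-level key starts
            in_api, child_indent = line == "api:", None
            continue
        if in_api:
            child_indent = indent if child_indent is None else child_indent
            key, sep, val = line.strip().partition(":")
            if indent == child_indent and sep and val.strip():  # skip nested mappings
                values[key.strip()] = val.strip().strip("'\"")
    return values

def check_auth(yaml_text="", env=None, file_mode=None):
    """Return findings; [] means all four values look usable. Env names are assumed."""
    env = os.environ if env is None else env
    in_file = read_api_block(yaml_text)
    findings = []
    for key in REQUIRED:
        e, f = env.get("CONTRAST__API__" + key.upper()), in_file.get(key)
        if not e and not f:
            findings.append(f"{key}: not set in environment or file")
        elif e and f and e != f:                        # precedence decides which one wins
            findings.append(f"{key}: environment and file disagree")
        if key in SECRETS and "demo" in (e, f):         # sample value from the page's snippet
            findings.append(f"{key}: still the sample value 'demo'")
    if file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        if any(k in in_file for k in SECRETS):
            findings.append("file: keys readable by group or other")
    return findings

# Constructed sample: the page's snippet under an assumed `api:` mapping, with a made-up URL.
SAMPLE = """api:
  url: https://contrast.example.invalid/Contrast
  user_name: contrast_user
  api_key: demo
  service_key: demo
"""
```

Pass the file's text and `os.stat(path).st_mode` as `file_mode`; with `env` omitted, the function reads the process environment.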