Skip to main content

Configure session metadata

To send session metadata for your application to Contrast, add session metadata key-value pairs to your agent configuration file.

The agent reports the following build properties. You may include all or some of these properties. When you do, the metadata will be available to you as additional information for each vulnerability reported or as a way to filter them.

Supply these settings as system properties, environment settings or properties in a YAML configuration file.

Name

Setting

Commit Hash

commitHash

Committer

committer

Branch Name

branchName

Git Tag

gitTag

Repository

repository

Test Run

testRun

Version

version

Build Number

buildNumber

The metadata string format must be an RFC 2253 compliant string of comma delimited key=value pairs. Do not include these characters:

  • A space or hash (#) characters at the beginning of the string.

  • A space at the end of the string

  • Special characters: comma (,) , plus sign (+), double quotes (“), backslash (\), left angle bracket (<), right angle bracket (>), or semicolon (;)

Here are some examples of how you might configure session metadata in the following instances:

  • Java system properties: Include an additional entry in the line where you add your javaagent flag. In this case, you will set the property contrast.application.session_metadata to a set of key-value pairs (which conform to RFC 2253) that identify your test run.

    -Dcontrast.application.session_metadata="branchName=feature/some-new-thing,committer=Jane,repository=Contrast-Java"
  • .NET Framework using app.config or web.config: You can add an entry to your configuration to specify this property.

    <?xml version="1.0"?>
    <configuration>
      <connectionStrings />
          <appSettings>
            <add key="contrast.application.session_metadata" value="branchName=feature/some-new-thing,committer=Jane,repository=Contrast-DotNet" />
  • YAML configuration: You can add an additional entry to your contrast_security.yaml file.

    application:
     session_metadata: branchName=feature/some-new-thing,committer=Jane,repository=Contrast-Ruby
  • Continuous integration (CI) build scripts: You can set values using environment variables.

    -Dcontrast.application.session_metadata="branchName=feature/some-new-thing,committer=Jane,repository=Contrast-Java,buildNumber=$BUILD_NUMBER"
    -Dcontrast.application.session_metadata="branchName=$GIT_BRANCH,committer=$GIT_COMMITTER_NAME,commitHash=$GIT_COMMIT_HASH,repository=$GIT_URL,buildNumber=$BUILD_NUMBER"