Configure session metadata
To send session metadata for your application to Contrast, you must add the configuration settings to your agent configuration file.
The agent reports the following build properties. You may include all or some of these properties. When you do, the metadata will be available to you as additional information for each vulnerability reported or as a way to filter them.
Supply these settings as system properties, environment settings or properties in a YAML configuration file.
Name | Value |
---|---|
Commit Hash |
|
Committer |
|
Branch Name |
|
Git Tag |
|
Repository |
|
Test Run |
|
Version |
|
Build Number |
|
Here are some examples of how you might configure session metadata in the following instances:
Java system properties: Include an additional entry in the line where you add your
javaagent
flag. In this case, you will set the propertycontrast.application.session_metadata
to a set of key-value pairs (which conform to RFC 2253) that identify your test run.-Dcontrast.application.session_metadata="branchName=feature/some-new-thing,committer=Jane,repository=Contrast-Java"
.NET Framework using app.config or web.config: You can add an entry to your configuration to specify this property.
<?xml version="1.0"?> <configuration> <connectionStrings /> <appSettings> <add key="contrast.application.session_metadata" value="branchName=feature/some-new-thing,committer=Jane,repository=Contrast-DotNet" />
YAML configuration: You can add an additional entry to your contrast_security.yaml file.
application: session_metadata: branchName=feature/some-new-thing,committer=Jane,repository=Contrast-Ruby
Continuous integration (CI) build scripts: You can set values using environment variables.
-Dcontrast.application.session_metadata="branchName=feature/some-new-thing,committer=Jane,repository=Contrast-Java,buildNumber=$BUILD_NUMBER"
-Dcontrast.application.session_metadata="branchName=$GIT_BRANCH,committer=$GIT_COMMITTER_NAME,commitHash=$GIT_COMMIT_HASH,repository=$GIT_URL,buildNumber=$BUILD_NUMBER"