Contrast CI/CD example walkthrough
This example describes how to use Contrast agents and the Contrast Verify plugin for security gates.
Add a Contrast agent in a CI/CD process
The Contrast agent is an application package that you deploy alongside the application into test environments. Since CI/CD pipelines are often used to build and deploy the application somewhere else for testing (like Kubernetes or Azure App Services), Contrast doesn't always provide a plugin just for adding the agent.
Deploying agents to test environments outside of the CI/CD pipeline is a separate task that you should complete before following the rest of this walkthrough. See Install an agent for details about deploying agents.
Install the agent on the servers that receive requests from integration, smoke, and end-to-end tests that run from the CI/CD pipeline. The automated testing in the pipeline exercises the application, Contrast analyses it in real time, and results are available before the pipeline completes.
If building and testing all happen within the pipeline (on a pipeline runner, for example), you can add the agent as a dependency on the runner or download it directly as a pipeline step, as described in Integrate Contrast with GitHub.
Use the Contrast Verify Plugin for security gates
Contrast has plugins for all major CI/CD pipelines that add robust security gates to prevent vulnerabilities from reaching production. These plugins add the ability to fail the pipeline (and therefore prevent merging) based on the criticality, type, or number of vulnerabilities that Contrast finds during the testing phase. You can customize the threshold to suit different teams with different levels of maturity.
The security gate runs at the end of your pipeline, once all automated testing is completed. The plugin checks for vulnerabilities that the Contrast agent reports for this pipeline session.
For example, the Contrast Verify GitHub action implements a Contrast security gate in a GitHub Actions pipeline.
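The gate decision described above (criticality, type, and number of findings, scoped to one pipeline session) can be sketched as follows. This is an added illustration, not code from Contrast or its plugins; the field names, session identifiers, and sample findings are constructed assumptions.

```python
# Added illustration of a security-gate decision; not Contrast's plugin code.
# Field names ("session", "severity", "type") are assumptions for this sketch.
from collections import Counter

SEVERITY_ORDER = ["NOTE", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample findings spanning two pipeline sessions.
FINDINGS = [
    {"session": "build-101", "severity": "CRITICAL", "type": "sql-injection"},
    {"session": "build-101", "severity": "MEDIUM", "type": "reflected-xss"},
    {"session": "build-101", "severity": "LOW", "type": "cache-controls-missing"},
    {"session": "build-100", "severity": "HIGH", "type": "path-traversal"},
]

def evaluate_gate(findings, session, min_severity="HIGH", max_allowed=0, blocked_types=()):
    """Return (passed, reasons) for one pipeline session.

    Findings at or above min_severity count toward max_allowed. A finding
    whose type is in blocked_types fails the gate regardless of severity.
    An unrecognised severity raises ValueError, so the gate fails closed.
    """
    floor = SEVERITY_ORDER.index(min_severity)
    # Only findings reported during this pipeline session are considered.
    in_session = [f for f in findings if f["session"] == session]
    counted = [f for f in in_session if SEVERITY_ORDER.index(f["severity"]) >= floor]
    reasons = []
    if len(counted) > max_allowed:
        by_sev = Counter(f["severity"] for f in counted)
        detail = ", ".join(f"{n} {s}" for s, n in by_sev.items())
        reasons.append(
            f"{len(counted)} finding(s) at or above {min_severity} "
            f"(limit {max_allowed}): {detail}"
        )
    for f in in_session:
        if f["type"] in blocked_types:
            reasons.append(f"blocked type {f['type']} ({f['severity']})")
    return (not reasons, reasons)

def main(session="build-101"):
    passed, reasons = evaluate_gate(FINDINGS, session)
    for reason in reasons:
        print("GATE:", reason)
    return 0 if passed else 1  # a non-zero exit code fails the pipeline step

if __name__ == "__main__":
    raise SystemExit(main())
```

Loosening `min_severity` or `max_allowed` per team corresponds to the customizable threshold mentioned above, while the session filter keeps findings from earlier builds out of the decision.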
Diagram: CI/CD workflow example
This diagram shows an example of a CI/CD workflow that incorporates Contrast.

See also
CI/CD integration options provides a list of other ways to integrate security gates for other pipelines.