Contrast CLI

Use the Contrast command line interface (CLI) to analyze libraries at the earliest stage of the software development life cycle (SDLC).

The Contrast CLI runs on Node.js but can be used on any instrumented application to perform a software composition analysis (SCA). With this analysis, you can identify vulnerable libraries, fail a build based on CVE severity and view a dependency tree to understand the dependencies between libraries and where vulnerabilities have been introduced.

Contrast does this by supplementing existing runtime instrumentation from Contrast agents, with data from pre-compile analysis (typically not available at runtime).

Contrast uses HTTPS or HTTP to communicate with instrumented applications.

Install the Contrast CLI so you can register new applications and begin analyzing your libraries during the development phase using the command line options.