CodeSec by Contrast Security commands
Authenticate using your GitHub or Google account. A new browser window opens for login.
Usage: contrast auth
Searches for a suitable file in the working directory to perform a security audit of dependencies and returns the results. Supported project files by language:
Language | Required project files
Java | pom.xml and the Maven build platform, including the dependency plugin; OR a build.gradle file, where gradle dependencies or ./gradlew dependencies must be supported
Node | package.json and a lock file (either package-lock.json or yarn.lock)
PHP | composer.json and composer.lock files
Python | Pipfile and Pipfile.lock files
Ruby | Gemfile and Gemfile.lock files
Go | go.mod file
Usage: contrast audit
Options:
--file
Specify a directory or the file where dependencies are declared. (By default, CodeSec will search for project files in the current directory.) If multiple project files are found in the directory, you will be prompted to confirm the file to audit.
Alias: -f
--help
Displays usage guide.
Alias: -h
--ignore-dev
Excludes developer dependencies from the results. All dependencies are included by default.
Alias: -i
--save
Generate and save an SBOM (Software Bill of Materials). Valid options are --save spdx and --save cyclonedx (CycloneDX is the default format).
Alias: -s
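A pre-flight check for running contrast audit non-interactively, added here as an example and not part of the CodeSec tooling or its documentation. It applies the supported-file table above: a manifest counts only when the lock file the table requires sits next to it, and more than one candidate is reported as an error (the CLI would prompt for confirmation, which hangs an unattended CI job) so the caller must pass --file explicitly. The function name and exit-code convention are the example's own.

```shell
#!/bin/sh
# Added example (not from the CodeSec docs): decide which manifest to hand to
# `contrast audit --file` before the audit runs, and fail early when the
# directory is not auditable without a prompt.
# Usage: codesec_audit_target [dir]  -> prints the single manifest, exit 0;
#        otherwise exit 1 with the reason on stderr.
codesec_audit_target() {
    dir="${1:-.}"
    found=""      # manifests whose lock-file requirement is satisfied
    missing=""    # manifests present without the lock file the table requires
    # "manifest:lock1 lock2"; an empty lock list means the manifest alone suffices
    # (Java build files and go.mod per the table above).
    for spec in "pom.xml:" "build.gradle:" "go.mod:" \
                "package.json:package-lock.json yarn.lock" \
                "composer.json:composer.lock" \
                "Pipfile:Pipfile.lock" "Gemfile:Gemfile.lock"; do
        manifest="${spec%%:*}"; locks="${spec#*:}"
        [ -f "$dir/$manifest" ] || continue
        if [ -z "$locks" ]; then
            found="$found $manifest"; continue
        fi
        ok=0
        for lock in $locks; do            # unquoted on purpose: split alternatives
            if [ -f "$dir/$lock" ]; then ok=1; fi
        done
        if [ "$ok" -eq 1 ]; then
            found="$found $manifest"
        else
            missing="$missing $manifest($locks)"
        fi
    done
    set -- $found                         # word-split so $# is the candidate count
    case $# in
        1) echo "$1"; return 0 ;;
        0) echo "no auditable manifest in $dir; present without lock file:${missing:- none}" >&2
           return 1 ;;
        *) echo "several manifests in $dir ($*); pass --file explicitly" >&2
           return 1 ;;
    esac
}

# Typical CI use: stop before the audit instead of hanging on the CLI prompt.
# target=$(codesec_audit_target .) && contrast audit --file "$target" --ignore-dev --save spdx
```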
Displays stored credentials.
Usage: contrast config
Options:
-c, --clear
Removes stored credentials.
Performs a static application security testing (SAST) scan.
Usage: contrast scan [option]
Options:
--file
Path of the file you want to scan. Contrast searches for a .jar, .war, .js or .zip file in the working directory if a file is not specified.
Alias: -f
--name
Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.
Alias: -n
--save
Download the results to a Static Analysis Results Interchange Format (SARIF) file. The file is downloaded to the current working directory with a default name of results.sarif. You can view the file with any text editor.
Alias: -s
--timeout
Time in seconds to wait for the scan to complete. Default value is 300 seconds.
Alias: -t
Performs a scan of an AWS Lambda function.
Usage: contrast lambda --function-name [options]
Options:
--function-name
Name of the AWS Lambda function to scan.
Alias: -f
--endpoint-url
AWS endpoint override. Similar to the AWS CLI.
Alias: -e
--region
Region override. Defaults to AWS_DEFAULT_REGION. Similar to the AWS CLI.
Alias: -r
--profile
AWS configuration profile override. Similar to the AWS CLI.
Alias: -p
--json
Return the response in JSON (instead of the default human-readable format).
Alias: -j
--verbose
Returns extended information to the terminal.
Alias: -v
--list-functions
Lists all available Lambda functions to scan.
--help
Displays usage guide.
Alias: -h
Displays usage guide. To list detailed help for any CLI command, add the -h or --help flag to the command.
Usage: contrast scan --help
Alias: -h
Displays Contrast CLI version.
Usage: contrast version