Contrast Scan local engine

The Contrast Scan local engine lets you scan your application using Docker CLI commands or a Java JAR file instead of the Contrast CLI or the Contrast web interface. When a scan completes successfully, the Scan local engine uploads the results to the Contrast platform where you can view them. The uploaded files include:

  • Scan results in Static Analysis Results Format (SARIF) in a JSON file.

  • Output from the scan in a LOG file.

This method of scanning is useful if you want to scan your application files locally without uploading the files themselves to the Contrast platform; only the SARIF results and the log file are uploaded.

Supported platforms

The Scan local engine is supported for Linux systems and in a Docker container.

Proxy server settings for local scans

For security purposes, you might want to route communication between the Scan local engine and the Contrast platform through a proxy server. Set the following environment variables to enable a proxy server when you run a local scan:

Variable                          Description
CONTRAST__API__PROXY__ENABLE      Enables proxy settings.
CONTRAST__API__PROXY__URL         Required. The URL for the proxy server (for example, http://host:port).
CONTRAST__API__PROXY__TYPE        Required. The proxy server type (for example, BASIC).
CONTRAST__API__PROXY__USERNAME    Optional. Username for the proxy server.
CONTRAST__API__PROXY__PASSWORD    Optional. Password for the proxy server.

Scan process

To use the Scan local engine:

  1. Decide how you want to run the local scan (Docker CLI commands or the Java JAR file).

  2. Decide if you want to use a proxy server for uploading results.

  3. Run the scan on a local system.

  4. View results in the Contrast web interface.