Get started with Contrast Serverless for AWS

To start using Contrast Serverless, open Contrast and connect to your AWS account to create a new stack.

Before you begin
  • Have your AWS account information available.

  • Have the minimum permissions required to deploy, update, or delete a Contrast Serverless stack.

Steps
  1. In the Contrast application, select Add New at the top of the page.

  2. Select the Serverless card.

  3. Select the AWS option under the Cloud provider section.

  4. (Optional) Specify scan settings:

    • Inventory: Inventory consists of the functions that you want Contrast to scan.

      The default value is to scan all functions in your AWS account.

    • Initial scan: This setting determines actions that Contrast takes to scan your functions.

      Static analysis

      Covers:

      • Least Privilege: Detects unused permissions. For Java, .NET Core 6, .NET Core 7, Node.js, and Python.

      • CVEs: Detects vulnerable dependencies. For Java, .NET Core 6, .NET Core 7, Node.js, and Python.

      • SAST: Detects custom-code vulnerabilities. For Java.

      • Malware: Detects malicious files. For Python.

      Dynamic analysis

      Covers:

      • The stress testing of an application to detect any possible vulnerabilities.

      • The Instrumented Dynamic analysis option enables Contrast Serverless to find function exploits in the entire account environment and across all services. See Scan types and monitoring for more information. To get the analysis fully configured for your accounts, follow the steps under the Instrumented Dynamic Scan Instructions section. For Node.js and Python.

    • Deployment: Deploy with a new stack in AWS or download the CFT to use in your pipeline.

    You can change these settings at any time in the Settings tab.

  5. Select Create new stack.

  6. On the displayed AWS page, enter your account information and select Create stack. Alternatively, you can download a CloudFormation template and use it in your development pipeline.

    This action connects to the AWS CloudFormation Stacks console for your account and starts the first scan.

  7. Approve the stack deployment in your account.

    The stack deployment takes approximately two minutes to complete.

  8. Return to the Contrast application and verify that the Account is connected and the Scan started messages are displayed.

  9. To view details about functions and scan results, select function in the Account connected message or select the Serverless tab.

Next steps