Contrast Security GitHub App
Use the Contrast Security GitHub App (also known as Contrast Security SCA in the GitHub Marketplace) to scan GitHub repositories with Contrast. Detect vulnerable libraries with how-to-fix guidance, and automate your CI/CD to prevent risk, at an earlier step, in your team’s code.
How it works
For first-time use, sign in to Contrast, start connecting your GitHub account to Contrast and scan for library vulnerabilities in a repository.
Click the GitHub icon to use the Contrast Security GitHub App to connect with Contrast.
Once connected and scanned you can view the results in the Projects list in Contrast.
You can also connect from the GitHub Marketplace with the Contrast Security GitHub App.
With this app, you can:
Scan a GitHub repository
Automate the security analysis of dependencies so that vulnerabilities can be detected and resolved during code review rather than after detection or exploitation in testing or production environments
Any commits to the default branch and PRs created to merge into the default branch will trigger the workflow file. In addition, you can manually trigger the workflow.
Users with edit, rules admin, or admin permissions will have access to the app