Skip to main content

Contrast Security GitHub App

Use the Contrast Security GitHub App (also known as Contrast Security SCA in the GitHub Marketplace) to scan GitHub repositories with Contrast. Detect vulnerable libraries with how-to-fix guidance, and automate your CI/CD to prevent risk, at an earlier step, in your team’s code.

How it works

For first-time use, sign in to Contrast, start connecting your GitHub account to Contrast and scan for library vulnerabilities in a repository.


Once connected and scanned you can view the results in the Projects list in Contrast.

You can also connect from the GitHub Marketplace with the Contrast Security GitHub App.

With this app, you can:

  • Scan a GitHub repository

  • Automate the security analysis of dependencies so that vulnerabilities can be detected and resolved during code review rather than after detection or exploitation in testing or production environments

  • Any commits to the default branch and PRs created to merge into the default branch will trigger the workflow file. In addition, you can manually trigger the workflow.

  • Users with edit, rules admin, or admin permissions will have access to the app