Install an agent
Contrast uses agents to install sensors that monitor your code for vulnerabilities. Agents analyze for vulnerabilities in development environments and look for attacks in runtime production environments.
As your application runs, the agent analyzes information (such as HTTP requests, data flow, backend connections, and library dependencies) and sends vulnerabilities and attacks to Contrast where you can view, prioritize, and take immediate action on them.
Instrumenting an app with Contrast can be divided into a few phases, so these guides should get Contrast up and running on your application in just a few minutes so you can see how it works.
 |  |  |  |
Determine the method for installation from the options below. | Configure the agent to authenticate to your Contrast instance. | Make other configuration changes if needed. These are recommended configurations for an optimal Contrast experience. | Use your application as you usually would. Select Applications in Contrast. You should see the name of your application. |
Installation varies depending on the agent, which Contrast product(s) you are using, and where you want to install Contrast. For example, this could be:
On an application server or web server
In a build pipeline or container
In a Develop, QA, or Production environment
Once you see how it works there are many ways to modify this to suit your needs. You can explore Contrast Documentation for further information about how to adapt Contrast to your situation.
Tip
For future installations, you may want to consider your organization's build tools and deployment pipeline, your security goals and the environments where you want to use Contrast. You can read about other methods to install Contrast that may better adapt to your situation.
Java
View the installation and configuration workflows.
Install for executable JAR | Install to an app server | Install with build automation tool integrations | Install in a container | Install with cloud orchestration services | Install with infrastructure as code tools |
|---|---|---|---|---|---|
Install the agent in one application with a JAR file. Install with Maven Central, Debian, or RPM repositories. | Install the agent to an app server to provide security analysis for applications running in a test/QA or production environment. For JBoss/Wildfly. For Jetty. For Tomcat. For Weblogic. For Websphere. For Axis2. For Glassfish. | Install the agent with Contrast plugins to automate the installation. For Maven. For Gradle. For Bamboo. For Azure pipelines. For VMware Tanzu. | Install the agent in a container image or via a Kubernetes operator. Add the agent to the Docker base or application image. For OpenShift. Add the agent to Kubernetes pods via Contrast k8s operator. | Install the agent for Google App Engine. Install agent with AWS Elastic Beanstalk. | Install the agent with infrastructure as code tools |
You can also use the Contrast Java agent with Contrast Assess or Contrast SCA to analyze Scala-based applications or to analyze Kotlin-based applications.
.NET Framework
View the installation and configuration workflows.
Install with an installer | Install with Azure | Install in a container | Install with infrastructure as code tools |
|---|---|---|---|
Install with an agent installer for self-hosted applications or applications in IIS. | Install the agent with Azure App Service. | Install the agent in a container image. | Install the agent with infrastructure as code tools |
.NET Core
View the installation and configuration workflows.
Windows
Basic installation | Install with an installer | Install with Azure | Install in a container | Install with infrastructure as code tools |
|---|---|---|---|---|
Install the .NET Core agent with the basic install. | Install with an agent installer for self-hosted applications or applications in IIS. | Install the agent with the Azure App Service. Install the agent with Terraform. | Install the agent in a container image or via a Kubernetes operator. Add the agent to the Docker base or application image. Add the agent to Kubernetes pods via Contrast k8s operator. | Install the agent with infrastructure as code tools |
Linux
Basic installation | Install in a container |
|---|---|
Install the .NET Core agent with the basic install. | Install the agent in a container image. |
Node.js
View the installation and configuration workflows.
Basic installation | Install in a container | Install with Cloud deployment integrations | Install with infrastructure as code tools |
|---|---|---|---|
Install the Node agent with the basic install. | Install the agent in a container image. Add the agent to Kubernetes pods via Contrast k8s operator. | Install with IBM Cloud. Install with VMware Tanzu. | Install the agent with Ansible playbook for Contrast |
PHP
View the installation and configuration workflows.
Install by repository | Install in a container |
|---|---|
Add the agent to Kubernetes pods via Contrast k8s operator. |
Python
View the installation and configuration workflows.
Install with Contrast Runner | Install in a container | Install by middleware |
|---|---|---|
Install and instrument the Python agent with the Contrast Runner. | Add the agent to Kubernetes pods via Contrast k8s operator. | Install the Python agent with AIOHTTP, or Bottle, or Django, or Falco, or Fast API, or Flask, or Pyramid, or Quart, or WSGI middleware. |
Ruby
View the installation and configuration workflow.
Install by middleware |
|---|
Install the Ruby agent with Rails, or Sinatra, or Grape middleware. |
Go
View the installation and configuration workflow.
Install with an installer |
|---|
Install the Go agent with the Contrast installer. |