Skip to main content

Install the Go agent

The Go agent uses a tool called contrast-go to inject instrumentation into your applications at build time. When you run an instrumented application, the Go agent automatically starts and monitors the application’s execution to detect vulnerabilities.

Tip

To see a list of available flags with command line arguments for contrast-go, type contrast-go -h.

Steps

  1. Install contrast-go with the installer:

    go run github.com/contrast-security-oss/contrast-go-installer@latest latest
  2. Build your application with contrast-go:

    contrast-go build -o output-name-of-application
  3. Configure the Go agent using the Go YAML template or environment variables.

  4. Run your application using the executable you generated in step 2.

  5. Exercise and test your application.

  6. Use the Contrast web interface to explore findings that the agent reports, such as vulnerabilities and library usage information.

    By default, your application name is based on the application’s Go module. Use search in the Applications list to quickly find your application.