Skip to main content

Install the Java agent

There are several ways to install the Java agent depending on your situation. You might want to consider where you want to use Contrast (for example, Assess in your development environment or Protect in your production environment), your existing build tools, and how your application is deployed.


If you are using multiple agent-based technologies in parallel with the Contrast Java agent, ensure that you specify the Contrast Java agent as the first agent that loads at startup. For example: 

java -javaagent:contrast.jar -javaagent:newrelic.jar

Loading the Contrast Java agent first helps to limit performance impacts.

Contrast and hot deployments

A hot deployment is the process of adding new components (such as WAR files, servlets, and JSP files) to a running server without having to stop and restart the application server process.

The Contrast agent continues to work during hot deployments and hot reloads with these considerations:

  • Contrast might not detect libraries that are added or removed dynamically during hot deployments.

  • Contrast cannot update session metadata during a hot deployment.

  • Some WebSphere users might experience issues.

If you encounter hot deployment issues, restart the application server.

Contrast and OpenTelemetry agents

If you plan to use an OpenTelemetry agent in the same environment as the Contrast agent, consider suppressing OpenTelemetry instrumentation of Contrast classes. Doing so prevents possible conflicts with Contrast agents.

To suppress OpenTelemetry instrumentation, add this exclusion as an environment variable:


Or a JVM option:


Quick start

Just want to try out the Java agent and see how it works? Check out this Java Quick Start Guide.

Basic installation

To install the Java agent in most situations (like in an application server like Tomcat, or a container like Docker), choose a repository and follow these instructions to download and install the agent:

Build-integrated installation

If you are using Assess in a development environment, and you want to set the build outcome in an existing software project if vulnerabilities are found, install the agent with: