Install the Java agent

There are several ways to install the Java agent depending on your situation. You might want to consider where you want to use Contrast (for example, Assess in your development environment or Protect in your production environment), your existing build tools, and how your application is deployed.

Build-integrated installation

If you are using Assess in a development environment, and you want to fail the build in an existing software project if vulnerabilities are found, install the agent with:

Environment-based installation

If you want to provide security analysis for applications that are running in a test/QA or production environment, install the agent with:

Tip

Check the Contrast Support Portal for more information about other compatible ways to install the agent using tools like Pivotal Cloud Foundry (now VMware Tanzu).

Manual installation

To install the Java agent in any other situation, use these instructions:

  1. Download the Java agent JAR from one of these repositories:

  2. Substitute <YourContrastJarPath> with the path to your Contrast JAR and <AppName> with the name of your application. Then add a JVM parameter to install the Java agent.

    java -javaagent:<YourContrastJarPath> -jar <AppName>.jar

    Note

    Contrast JAR files are used for installation. The name of the JAR file and the path to its location may vary depending on your internal file structure and how you download the file.

    If you download the file from Maven or a Linux package manager, it will be named contrast-agent.jar. It may also have the agent version and build numbers appended to the name, unless you strip them from the file name. If you download the files from Contrast, they are named contrast.jar.

    When this documentation says "substitute <YourContrastJarPath> for the path to your Contrast JAR file", the path to your JAR may look like any of these examples:

    /opt/contrast/contrast-agent.jar
    ~/contrast/contrast-agent.3.7.11.17825.jar
    ~/Downloads/contrast.jar
  3. Set basic configuration (like authentication, whether you are using Assess or Protect, and whether you are using standalone or multi-tenant application) to ensure the agent communicates between your application and Contrast.

  4. Use the application as you normally would and verify that Contrast sees your application.