Install an agent
Contrast uses agents to install sensors that monitor your code for vulnerabilities. Agents analyze for vulnerabilities in development environments and look for attacks in runtime production environments.
As your application runs, the agent analyzes information (such as HTTP requests, data flow, backend connections, and library dependencies) and sends vulnerabilities and attacks to Contrast where you can view, prioritize, and take immediate action.
Instrumenting an app with Contrast can be divided into several phases. These guides should enable you to get Contrast up and running on your application in just a few minutes, allowing you to see how it works.
 |  |  |  |
Select the installation method from the options below. Select the operating system and the deployment method. | Configure the agent to authenticate to your Contrast instance. The generated Agent Key will contain an embedded, encoded API key. | Make other configuration changes, like adding environment variables, if needed. These are recommended configurations for an optimal Contrast experience. | Use your application as you usually would. Select Applications in Contrast. You should see the name of your application. |
Installation varies depending on the agent, the Contrast product(s) you are using, and where you want to install Contrast. For example, this could be:
On an application server or web server
In a build pipeline or container
In a Develop, QA, or Production environment
Once you see how it works, there are many ways to modify this to suit your needs. You can explore Contrast Documentation for further information about how to adapt Contrast to your situation.
Tip
For future installations, consider your organization's build tools and deployment pipeline, your security goals and the environments where you want to use Contrast. You can read about other methods to install Contrast that may better adapt to your situation.
Java
View the installation and configuration workflows.
Install for executable JAR | Install to an app server | Install with build automation tool integrations | Install in a container | Install with cloud orchestration services | Install with infrastructure as code tools |
|---|---|---|---|---|---|
Install the agent in one application with a JAR file. Install with Maven Central, Debian, or RPM repositories. | Install the agent to an app server to provide security analysis for applications running in a test/QA or production environment. For JBoss/Wildfly. For Jetty. For Tomcat. For Weblogic. For Websphere. For Axis2. For Glassfish. | Install the agent with Contrast plugins to automate the installation. For Maven. For Gradle. For Bamboo. For Azure pipelines. For VMware Tanzu. | Install the agent in a container image or via a Kubernetes operator. Add the agent to the Docker base or application image. For OpenShift. Add the agent to Kubernetes pods via Contrast k8s operator. | Install the agent for Google App Engine. Install agent with AWS Elastic Beanstalk. | Install the agent with infrastructure as code tools. |
You can also use the Contrast Java agent with Contrast Assess or Contrast SCA to analyze Scala-based applications or to analyze Kotlin-based applications.
.NET Framework
View the installation and configuration workflows.
Install with an installer | Install with Azure | Install in a container | Install with infrastructure as code tools |
|---|---|---|---|
Install with an agent installer for self-hosted applications or applications in IIS. | Install the agent with Azure App Service. | Install the agent in a container image. | Install the agent with infrastructure as code tools. |
.NET Core
View the installation and configuration workflows.
Windows
Basic installation | Install with an installer | Install with Azure | Install in a container | Install with infrastructure as code tools |
|---|---|---|---|---|
Install the .NET Core agent with the basic install. | Install with an agent installer for self-hosted applications or applications in IIS. | Install the agent with the Azure App Service. Install the agent with Terraform. | Install the agent in a container image or via a Kubernetes operator. Add the agent to the Docker base or application image. Add the agent to Kubernetes pods via Contrast k8s operator. | Install the agent with infrastructure as code tools. |
Linux
Basic installation | Install in a container |
|---|---|
Install the .NET Core agent with the basic install. | Install the agent in a container image. |
Node.js
View the installation and configuration workflows.
Basic installation | Install in a container | Install with Cloud deployment integrations | Install with infrastructure as code tools |
|---|---|---|---|
Install the Node agent with the basic install. | Install the agent in a container image. Add the agent to Kubernetes pods via Contrast k8s operator. | Install with IBM Cloud. Install with VMware Tanzu. | Install the agent with Ansible playbook for Contrast. |
PHP
View the installation and configuration workflows.
Install by repository | Install in a container | Install to an app server |
|---|---|---|
Install the PHP agent with the Debian or RPM or Amazon Linux 2023 repository. | Add the agent to Kubernetes pods via Contrast k8s operator. | Install PHP agent on a Lando application server. |
Python
View the installation and configuration workflows.
Install with Contrast Runner | Install in a container |
|---|---|
Install and instrument the Python agent with the Contrast Runner. | Add the agent to Kubernetes pods via Contrast k8s operator. |
Ruby
Important
The Ruby Agent is not currently being sold to new customers. Please contact our Sales team if you have any questions about our offerings and support for the Ruby language.
View the installation and configuration workflow.
Install by middleware |
|---|
Install the Ruby agent with Rails or Sinatra middleware. |
Go
View the installation and configuration workflow.
Install with an installer |
|---|
Install the Go agent with the Contrast installer. |