Integration example: Assess and GitHub
The example in this topic uses the Java agent. You can adapt this procedure for other Contrast agents.
Before you begin
Find a GitHub workflow that executes tests.
Find where mvn is executed with a command similar to the following:
run : mvn -B clean install -Dmaven.gitcommitid.skip=true
Add Assess to a test with a command similar to the following:
-DargLine="-javaagent:/tmp/contrast.jar --add-opens java.base/sun.net.spi=ALL-UNNAMED"
The easiest method to download and configure an agent is to use the Add New agent wizard in the Contrast web interface for the language you want to use.
Steps
Download the agent with a command similar to the following:
curl -L https://download.java.contrastsecurity.com/latest -o contrast.jar
The Add New agent wizards in the Contrast web interface display the latest commands for downloading Contrast agents.
Configure the agent with this environment variable as a GitHub action secret in the GitHub
envworkflow:Note
The value of the environment variable is security sensitive, therefore configuring it as a secret is recommended.
env: # Setting an environment variable with the value of a configuration variable update test CONTRAST__ASSESS__ENABLED: true CONTRAST__PROTECT__ENABLED: false CONTRAST__API__TOKEN: <token-value>
You can retrieve the token value from the Contrast web interface under Organization settings > Agent keys or by using the Contrast agent configuration editor.
If you are using an older agent, configure these environment variables as GitHub action secrets:
env: # Setting an environment variable with the value of a configuration variable update test CONTRAST__API__URL: https://<yourURL>/Contrast CONTRAST__ASSESS__ENABLED: true CONTRAST__PROTECT__ENABLED: false CONTRAST__API__API_KEY: ${{ secrets.CONTRAST__API__API_KEY }} CONTRAST__API__SERVICE_KEY: ${{ secrets.CONTRAST__API__SERVICE_KEY }} CONTRAST__API__USER_NAME: ${{ secrets.CONTRAST__API__USER_NAME }}