
Integration of Contrast in CI/CD pipelines

Integrating Contrast AST with your existing continuous integration/continuous delivery (CI/CD) pipelines provides application security analysis while your existing automated tests are running. This pipeline integration adds capabilities such as security gates that fail a pipeline run when critical vulnerabilities are found.

There are many Contrast plugins available for different pipelines and for different use cases. This guide describes the Contrast capabilities. The CI/CD example walk through describes how you can use these capabilities and Contrast plugins to build application security testing into your existing pipelines.

Integration capabilities

Deploying Contrast in CI/CD and testing environments provides the quickest time to value by automating security testing in your established developer workflows. You can:

  • Deploy Contrast agents to the testing environments where automated testing runs to get security analysis and insights based on your existing tests.

  • Use Contrast CI/CD integrations to create security gates that prevent vulnerable code from being merged to the main branch.

  • Set policies that allow you to set thresholds for the number, severity, and type of vulnerabilities you'll allow before failing the pipeline run.

  • Since the pipeline is a reproducible set of tests, you can use Contrast to automatically unblock the pipeline if a developer has remediated an issue in a subsequent run.

  • Use integrations with issue boards to automatically create tickets for vulnerabilities across a variety of platforms.

  • Implement standard webhooks to post vulnerability information as comments on a pull request.

  • Use Contrast APIs for more advanced use cases. For example, you can use the API to check that route coverage metrics never drop between pipeline runs. This check ensures that no one can add new functionality to an application without corresponding test coverage.
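The following is an added example of the gate logic described above (severity and rule thresholds, automatic unblocking once a finding is remediated, and a route-coverage regression check). It is not Contrast's own code and does not call the Contrast API: the finding and route-coverage report shapes, the severity names and the status values are assumptions chosen for illustration, and the sample data is constructed inline. In a real pipeline you would replace the constructed reports with data fetched from the Contrast API or emitted by a Contrast plugin.

```python
"""Pipeline security gate: policy thresholds plus route-coverage regression.

Added illustration, not Contrast's code. The report shapes, severity names and
status values below are assumptions, not the Contrast API schema.
"""
import sys
from dataclasses import dataclass, field

SEVERITY_RANK = {"NOTE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample: findings as a CI step might export them after the test
# suite has run against an instrumented application.
SAMPLE_FINDINGS = [
    {"id": "v1", "severity": "CRITICAL", "rule": "sql-injection", "status": "REPORTED"},
    {"id": "v2", "severity": "HIGH", "rule": "reflected-xss", "status": "REPORTED"},
    {"id": "v3", "severity": "MEDIUM", "rule": "cache-controls-missing", "status": "REPORTED"},
    # Remediated in a previous run: must no longer block the pipeline.
    {"id": "v4", "severity": "HIGH", "rule": "path-traversal", "status": "REMEDIATED"},
]

# Constructed route-coverage reports for two consecutive runs. A route is
# "exercised" when at least one automated test hit it during the run.
PREVIOUS_RUN = {"routes": [
    {"signature": "GET /login", "exercised": True},
    {"signature": "POST /login", "exercised": True},
    {"signature": "GET /account", "exercised": True},
    {"signature": "GET /health", "exercised": True},
]}
CURRENT_RUN = {"routes": PREVIOUS_RUN["routes"] + [
    # New functionality shipped without a test that reaches it.
    {"signature": "POST /transfer", "exercised": False},
]}


@dataclass
class GatePolicy:
    fail_at_or_above: str = "HIGH"        # severity that counts toward the limit
    max_open: int = 0                     # open findings allowed at/above it
    blocked_rules: set = field(default_factory=set)  # fail regardless of severity
    # Only these statuses block; REMEDIATED / NOT_A_PROBLEM unblock automatically.
    open_statuses: frozenset = frozenset({"REPORTED", "CONFIRMED", "SUSPICIOUS"})


def evaluate_policy(findings, policy):
    """Return (passed, reasons) for the number/severity/type thresholds."""
    threshold = SEVERITY_RANK[policy.fail_at_or_above]
    open_findings = [f for f in findings if f["status"] in policy.open_statuses]
    over = [f for f in open_findings if SEVERITY_RANK[f["severity"]] >= threshold]
    reasons = []
    if len(over) > policy.max_open:
        reasons.append(f"{len(over)} open finding(s) at {policy.fail_at_or_above} "
                       f"or above (max {policy.max_open})")
    for f in open_findings:
        if f["rule"] in policy.blocked_rules:
            reasons.append(f"blocked rule {f['rule']} ({f['id']})")
    return (not reasons, reasons)


def route_coverage(report):
    """Fraction of discovered routes exercised by tests in this run."""
    routes = report["routes"]
    if not routes:
        return 0.0
    return sum(1 for r in routes if r["exercised"]) / len(routes)


def check_route_coverage(previous, current):
    """Fail if coverage dropped, and name new routes that no test reached."""
    prev_cov, cur_cov = route_coverage(previous), route_coverage(current)
    reasons = []
    if cur_cov < prev_cov:
        reasons.append(f"route coverage dropped {prev_cov:.0%} -> {cur_cov:.0%}")
    known = {r["signature"] for r in previous["routes"]}
    for r in current["routes"]:
        if r["signature"] not in known and not r["exercised"]:
            reasons.append(f"new route {r['signature']} never exercised by tests")
    return (not reasons, reasons)


def run_gate(findings, policy, previous, current):
    """Combine both checks; return (passed, reasons) for the whole run."""
    p1, r1 = evaluate_policy(findings, policy)
    p2, r2 = check_route_coverage(previous, current)
    return (p1 and p2, r1 + r2)


if __name__ == "__main__":
    passed, reasons = run_gate(SAMPLE_FINDINGS, GatePolicy(), PREVIOUS_RUN, CURRENT_RUN)
    for reason in reasons:
        print("GATE:", reason)
    sys.exit(0 if passed else 1)
```

Run stand-alone, the script exits non-zero and lists each reason, which is what a pipeline step needs to fail the run. Because the policy only counts findings whose status is still open, a finding marked remediated on a later run stops blocking without any manual intervention, and the coverage check catches the new route that no test reached before a reviewer ever sees the pull request.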

See also

Contrast CI/CD example walk through