Skip to main content

Contrast IntelliJ plugin

Use the IntelliJ plugin to see vulnerability information for instrumented applications from the IntelliJ IDE.

The plugin directs you to the affected line of code inside IntelliJ, and you can view more details in the Contrast console. This way, developers can get application security feedback at the time of development for faster remediation.

The plugin supports IntelliJ versions 2017.1.5 and later.


Integrations are to be used with Contrast Assess.

Install, configure, and use the IntelliJ plugin:

  1. For Windows, go to File > Settings > Plugins > Browse Repositories.

    For OSX, go to Preferences > Plugins > Search in Repositories.

  2. Search for Contrast Security.

  3. Select Install.

  4. For Windows, go to File > Settings > Contrast.

    For OSX, go to Preferences > Other settings > Contrast.

  5. Enter the Contrast URLUsernameService keyAPI key, and Organization ID. You can find these in your profile.

  6. Select Add to add a new organization.

  7. Select Refresh in the Contrast window to update the list of vulnerabilities. The Vulnerabilities view in IntelliJ shows a list of all the vulnerabilities from Contrast.

    To sort vulnerabilities, select the column header. Select the funnel icon to use a filter. Select the name of a vulnerability to see more details.

Configure the Java agent for IntelliJ

To add the Contrast agent to an application using IntelliJ IDE's supported application servers:

  1. Click Run in the application toolbar, and then click the Edit Configuration menu item from the drop-down menu.

  2. Select the IntelliJ Server configuration instance.

  3. Select the Server tab, and enter the Contrast launcher string in VM Options-javaagent:<YourContrastJarPath>. Substitute <YourContrastJarPath> with the path to your Contrast JAR.

  4. Click Apply and then click OK.

  5. Start the Server.

    A Contrast startup message should appear in the Server console. (Allow one to two extra minutes for server startup.)

  6. Navigate to your application and allow an extra minute for it to start up.