Skip to main content

Java Quick Start Guide

Contrast uses agents to install sensors that monitor your code for vulnerabilities. Agents analyze for vulnerabilities in development environments and look for attacks in runtime production environments.

As your application runs, the agent analyzes information (such as HTTP requests, data flow, backend connections, and library dependencies) and sends vulnerabilities and attacks to Contrast where you can view, prioritize, and take immediate action on them.

This guide should get Contrast up and running on your application in just a few minutes, so you can see how it works.

Tip

For future installations, you may want to consider your organization's build tools and deployment pipeline, your security goals and the environments where you want to use Contrast. You can read about other methods to install Contrast that may better adapt to your situation.

Prerequisites

This guide assumes you use an application that meets these prerequisites:

You will also need access to a command line interface (with a chosen directory for downloading the agent) and your organization's instance of Contrast. If you don't already have Contrast, you can sign up for the Community Edition for free.

Install

  1. Download the agent JAR file from Maven Central.

  2. Download the YAML configuration file from the agent wizard:

    This image shows the Add new button
    1. In the Contrast web interface, select Add new.

    2. Select Java as the language

    3. Select the installation method you want to use.

    4. Get the Java agent

    5. Select Download the YAML configuration file. The file downloads locally and contains the specific agent keys for your organization that connect your application to Contrast.

  3. To configure the agent, open the YAML configuration file in an editor.

    Tip

    Use the Contrast agent configuration editor to make customization of the YAML file easier.

    api:
      url: https://xxx.contrastsecurity.com/Contrast
      api_key: A2xxxxxxxxxxxxxxxxxxxxxxxxxxxG9N
      service_key: 88xxxxxxxxxxxx5Z
      user_name: agent_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@OrgName
    
  4. Tell the agent where to find your YAML configuration file by entering this command in your command line interface.

    java -javaagent:./contrast.jar -Dcontrast.config.path=contrast_security.yaml -jar <ApplicationJarPath>

    Be sure to replace <ApplicationJarPath> with the path to your application. For example: ./MyApplication.jar

  5. To verify that Contrast is working, use your application as you normally would. For example, click on your application's web interface, or send some API commands.

    Then in the Contrast web interface, select Applications in the header. You should see the name of your application.

    You can also select Server in the header and you should see the hostname of your (local) server listed here.