Java Quick Start Guide

Contrast uses agents to install sensors that monitor your code for vulnerabilities. Agents analyze for vulnerabilities in development environments and look for attacks in runtime production environments.

As your application runs, the agent analyzes information (such as HTTP requests, data flow, backend connections, and library dependencies) and sends vulnerabilities and attacks to Contrast where you can view, prioritize, and take immediate action on them.

This guide should get Contrast up and running on your application in just a few minutes, so you can see how it works.

Tip

For future installations, you may want to consider your organization's build tools and deployment pipeline, your security goals and the environments where you want to use Contrast. You can read about other methods to install Contrast that may better adapt to your situation.

Prerequisites

This guide assumes you use an application that meets these prerequisites:

The application must have access to the internet without using a proxy.
Your web application is packaged in a JAR file.
It must use supported versions, frameworks, and tools.

You will also need access to a command line interface (with a chosen directory for downloading the agent) and your organization's instance of Contrast.

Install

Start the Java agent wizard:
1. In the Contrast web interface, select Add new.
2. Select the Application card.
3. Select Java as the language.
4. Select an operating system.
Under Select application deployment method, select Install manually.
Copy the displayed command to download the agent from Maven Central.
To configure the agent, under Configure the agent, select Use Connection Token and copy the displayed commands to set this environment variable:
```
CONTRAST__API__TOKEN
```
Agent Token: This variable is a base64 encoded JSON object containing the url, api_key, service_key, and user_name configuration settings, allowing you to set them set in a single variable.
If your agent configuration refers to both the legacy settings and the agent token, (in environment variables or the YAML file), the legacy settings take precedence. To use just the agent token value, make sure you remove references to the legacy settings.
Legacy settings: If you are using a Java agent version earlier than 6.10.1, under Configure the agent, select Use API configuration, and copy the displayed commands to set these environment variables:
```
CONTRAST__API__URL
CONTRAST__API__API_KEY
CONTRAST__API__SERVICE_KEY
CONTRAST__API__USER_NAME
```
Under Configure application server, select an application server,
Copy the displayed commands to complete the configuration.
To verify that Contrast is working, use your application as you normally would. For example, click on your application's web interface, or send some API commands.
Then in the Contrast web interface, select Applications in the header. You should see the name of your application.
You can also select Server in the header and you should see the hostname of your (local) server listed here.

In this section:

Java Quick Start Guide

Tip

Prerequisites

Install

Search results