Java Quick Start Guide
Contrast uses agents to install sensors that monitor your code for vulnerabilities. Agents analyze for vulnerabilities in development environments and look for attacks in runtime production environments.
As your application runs, the agent analyzes information (such as HTTP requests, data flow, backend connections, and library dependencies) and sends vulnerabilities and attacks to Contrast where you can view, prioritize, and take immediate action on them.
This guide should get Contrast up and running on your application in just a few minutes, so you can see how it works.
Tip
For future installations, you may want to consider your organization's build tools and deployment pipeline, your security goals and the environments where you want to use Contrast. You can read about other methods to install Contrast that may better adapt to your situation.
Prerequisites
This guide assumes you use an application that meets these prerequisites:
The application must have access to the internet without using a proxy.
Your web application is packaged in a JAR file.
It must use supported versions, frameworks, and tools.
You will also need access to a command line interface (with a chosen directory for downloading the agent) and your organization's instance of Contrast. If you don't already have Contrast, you can sign up for the Community Edition for free.
Install
Download the YAML configuration file from the agent wizard:
In the Contrast web interface, select Add new.
Select Java as the language
Select the installation method you want to use.
Get the Java agent
Select Download the YAML configuration file. The file downloads locally and contains the specific agent keys for your organization that connect your application to Contrast.
To configure the agent, open the YAML configuration file in an editor.
Tip
Use the Contrast agent configuration editor to make customization of the YAML file easier.
api: url: https://xxx.contrastsecurity.com/Contrast api_key: A2xxxxxxxxxxxxxxxxxxxxxxxxxxxG9N service_key: 88xxxxxxxxxxxx5Z user_name: agent_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@OrgName
Tell the agent where to find your YAML configuration file by entering this command in your command line interface.
java -javaagent:./contrast.jar -Dcontrast.config.path=contrast_security.yaml -jar <ApplicationJarPath>
Be sure to replace
<ApplicationJarPath>
with the path to your application. For example:./MyApplication.jar
To verify that Contrast is working, use your application as you normally would. For example, click on your application's web interface, or send some API commands.
Then in the Contrast web interface, select Applications in the header. You should see the name of your application.
You can also select Server in the header and you should see the hostname of your (local) server listed here.