Java Quick Start Guide

Contrast uses agents to install sensors that that monitor your code for vulnerabilities. Agents analyze for vulnerabilities in development environments and look for attacks in run-time production environments.

As your application runs, the agent analyzes information (such as HTTP requests, data flow, backend connections, and library dependencies) and sends vulnerabilities and attacks to Contrast where you can view, prioritize, and take immediate action on them.

This guide should get Contrast up and running on your application in just a few minutes, so you can see how it works.

Tip

For future installations, you may want to consider your organization's build tools and deployment pipeline, your security goals and the environments where you want to use Contrast. You can read about other methods to install Contrast that may better adapt to your situation.

Prerequisites

This guide assumes you use an application that meets these prerequisites:

You will also need access to a command line interface (with a chosen directory for downloading the agent) and your organization's instance of Contrast. If you don't already have Contrast, you can sign up for the Community Edition for free.

Install

  1. Use this command to download the agent JAR file from Maven Central. From your command line interface, enter this curl request to pull down the latest version of the agent to your current directory.

    curl -L 'https://repository.sonatype.org/service/local/artifact/maven/redirect?r=central-proxy&g=com.contrastsecurity&a=contrast-agent&v=LATEST' -o contrast.jar

    Once complete, you should see the contrast.jar file in your current directory. (For example: ./contrast.jar)

  2. Download the YAML configuration file from the agent wizard (if you haven't already done so). To do this, in the Contrast application, select Add new.

    This image shows the Add new button

    Select Java as your language, then select Download YAML configuration file. The file will download locally and will contain the specific agent keys for your organization that will connect your application to Contrast.

  3. To configure the agent, open the YAML configuration file in an editor. In addition to the pre-populated authentication keys, add the agent.java.standalone_app_name property. This property assigns the name of your application as you'd like to see it in Contrast. In this example, replace <MyAppName> with the name you'd like to use:

    api:
      url: https://xxx.contrastsecurity.com/Contrast
      api_key: A2xxxxxxxxxxxxxxxxxxxxxxxxxxxG9N
      service_key: 88xxxxxxxxxxxx5Z
      user_name: agent_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@OrgName
    agent:
      java:
        standalone_app_name: <MyAppName>
    
  4. Tell the agent where to find your YAML configuration file by entering this command in your command line interface.

    java -javaagent:./contrast.jar -Dcontrast.config.path=contrast_security.yaml -jar <ApplicationJarPath>

    Be sure to replace <ApplicationJarPath> with the path to your application. For example: ./MyApplication.jar

  5. To verify that Contrast is working, use your application as you normally would. For example, click on your application's web interface, or send some API commands.

    Then in the Contrast web interface, select Applications in the header. You should see the name of your application (In this example, “MyAppName” should appear in the list of applications.)

    You can also select Server in the header and you should see the hostname of your (local) server listed here.