Skip to main content

Java Quick Start Guide

Contrast uses agents to install sensors that monitor your code for vulnerabilities. Agents analyze for vulnerabilities in development environments and look for attacks in runtime production environments.

As your application runs, the agent analyzes information (such as HTTP requests, data flow, backend connections, and library dependencies) and sends vulnerabilities and attacks to Contrast where you can view, prioritize, and take immediate action on them.

This guide should get Contrast up and running on your application in just a few minutes, so you can see how it works.


For future installations, you may want to consider your organization's build tools and deployment pipeline, your security goals and the environments where you want to use Contrast. You can read about other methods to install Contrast that may better adapt to your situation.


This guide assumes you use an application that meets these prerequisites:

You will also need access to a command line interface (with a chosen directory for downloading the agent) and your organization's instance of Contrast. If you don't already have Contrast, you can sign up for the Community Edition for free.


  1. Download the agent JAR file from Maven Central.

  2. Download the YAML configuration file from the agent wizard (if you haven't already done so). To do this, in the Contrast application, select Add new.

    This image shows the Add new button

    Select the Application card, select Java as your language, and then select Download YAML configuration file. The file will download locally and will contain the specific agent keys for your organization that will connect your application to Contrast.

  3. To configure the agent, open the YAML configuration file in an editor.

      api_key: A2xxxxxxxxxxxxxxxxxxxxxxxxxxxG9N
      service_key: 88xxxxxxxxxxxx5Z
      user_name: agent_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@OrgName
  4. Tell the agent where to find your YAML configuration file by entering this command in your command line interface.

    java -javaagent:./contrast.jar -Dcontrast.config.path=contrast_security.yaml -jar <ApplicationJarPath>

    Be sure to replace <ApplicationJarPath> with the path to your application. For example: ./MyApplication.jar

  5. To verify that Contrast is working, use your application as you normally would. For example, click on your application's web interface, or send some API commands.

    Then in the Contrast web interface, select Applications in the header. You should see the name of your application.

    You can also select Server in the header and you should see the hostname of your (local) server listed here.