Java Quick Start Guide
Contrast uses agents to install sensors that monitor your code for vulnerabilities. Agents analyze for vulnerabilities in development environments and look for attacks in runtime production environments.
As your application runs, the agent analyzes information (such as HTTP requests, data flow, backend connections, and library dependencies) and sends vulnerabilities and attacks to Contrast where you can view, prioritize, and take immediate action on them.
This guide should get Contrast up and running on your application in just a few minutes, so you can see how it works.
Tip
For future installations, you may want to consider your organization's build tools and deployment pipeline, your security goals and the environments where you want to use Contrast. You can read about other methods to install Contrast that may better adapt to your situation.
Prerequisites
This guide assumes you use an application that meets these prerequisites:
The application must have access to the internet without using a proxy.
Your web application is packaged in a JAR file.
It must use supported versions, frameworks, and tools.
You will also need access to a command line interface (with a chosen directory for downloading the agent) and your organization's instance of Contrast. If you don't already have Contrast, you can sign up for the Community Edition for free.
Install
Download the YAML configuration file from the agent wizard (if you haven't already done so). To do this, in the Contrast application, select Add new.
Select the Application card, select Java as your language, and then select Download YAML configuration file. The file will download locally and will contain the specific agent keys for your organization that will connect your application to Contrast.
To configure the agent, open the YAML configuration file in an editor.
api: url: https://xxx.contrastsecurity.com/Contrast api_key: A2xxxxxxxxxxxxxxxxxxxxxxxxxxxG9N service_key: 88xxxxxxxxxxxx5Z user_name: agent_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@OrgName
Tell the agent where to find your YAML configuration file by entering this command in your command line interface.
java -javaagent:./contrast.jar -Dcontrast.config.path=contrast_security.yaml -jar <ApplicationJarPath>
Be sure to replace
<ApplicationJarPath>
with the path to your application. For example:./MyApplication.jar
To verify that Contrast is working, use your application as you normally would. For example, click on your application's web interface, or send some API commands.
Then in the Contrast web interface, select Applications in the header. You should see the name of your application.
You can also select Server in the header and you should see the hostname of your (local) server listed here.