Java agent

The Contrast Java agent adds either Contrast Assess or Contrast Protect analysis to Java based applications. The agent analyzes Java web applications built on traditional application servers, and newer Java web applications such as those built with Netty, Play or Spring Boot. If there's a JVM, the Java agent can get security insights.

As your application runs, the Java agent's sensors gather information about the application's security, architecture and libraries. You can see the results of the agent's analysis in Contrast.

To start analyzing an application, install the Java agent with the -javaagent JVM parameter. Substitute <YourContrastJarPath> for the path to your Contrast JAR file. For example:



Contrast JAR files are used for installation. The name of the JAR file and the path to its location may vary depending on your internal file structure and how you download the file.

If you download the file from Maven or a Linux package manager, it will be named contrast-agent.jar. It may also have the agent version and build numbers appended to the name, unless you strip them from the file name. If you download the files from Contrast, they are named contrast.jar.

When this documentation says "substitute <YourContrastJarPath> for the path to your Contrast JAR file", the path to your JAR may look like any of these examples:


You can: