Skip to main content


Before you begin

Define a connection

To define a connection to Contrast in Jenkins:

  1. Select Manage Jenkins in the left sidebar of your Jenkins dashboard.

  2. Select Manage Plugins under System Configuration.

  3. Check to enable the Contrast Continuous Application Security plugin under the Installed tab.

  4. Select Manage Jenkins again.

  5. Select Configure System to find the Contrast Connections section.

  6. Enter your Contrast username. Your username is the email address you use for your account in Contrast.

  7. Enter the:

    •  Contrast API key

    • Contrast service key,

    • Contrast URL , and

    • Organization ID.

    You can find these in your profile under User settings > Profile > Your keys.

  8. Select a Result of a vulnerable build to choose how you want Contrast to mark your Jenkins job when your application is too vulnerable:

    • Failure

    • Unstable

    • Success

    • Not_built

    • Aborted

  9. Check the box next to Apply this vulnerable build result to the job when Jenkins encounters an error with Contrast if you want the Jenkins job to automatically fail whenever your Jenkins instance can't find your application.

  10. You can define the criteria that the Contrast plugin will use to determine whether an application is too vulnerable at the Jenkins system level. Check the box next to Allow global Contrast Vulnerability Threshold Conditions to be overridden in a Job configuration if you want job level controls to override system level controls. Leave the box unchecked if you want to enforce consistency of criteria across all Jenkins jobs in your instance.


    If you are using a job outcome policy to set security controls, those policies will override any policies set at the job level or system level.

  11. Click Test Contrast connection to make sure that the plugin can authenticate to Contrast and retrieve information about your applications' vulnerabilities.

    • A success message displays when plugin is authenticated.

    • If unsuccessful, check that the URL you received from Jira and the one you posted in Contrast are matching.

See also