Skip to main content

Legacy Contrast CLI


Legacy Contrast CLI will be deprecated as of October 2022. We encourage you to begin using the new Contrast CLI.

Use the Contrast command line interface (CLI) to analyze libraries at the earliest stage of the software development life cycle (SDLC).

The Contrast CLI runs on Node.js but can be used on any application to provide composition analysis capabilities at the command line. For details about the supported platforms and languages, see the Contrast CLI supported languages page.

With this composition analysis you can:

  • Identify vulnerable libraries

  • Fail a build based on CVE severity

  • View a dependency tree to understand the dependencies between libraries and where vulnerabilities have been introduced

  • Identify node.js libraries at risk for dependency confusion

  • Generate SBOM

Contrast does this by supplementing existing runtime instrumentation from Contrast agents, with data from pre-compile analysis (typically not available at runtime).

Install the Contrast CLI so you can register new applications and begin analyzing your libraries during the development phase using the command line options.