Skip to main content

Create custom fields to request application metadata

You can configure requests for custom metadata that is collected whenever you add a new application to Contrast.

When you install and configure an agent, you are prompted to enter metadata for the fields you create and to add the information in the agent configuration file. The metadata is then displayed in the Applications list, where you can also use it to filter applications, and the application's Details page in the Contrast web interface.


The following agent versions support custom metadata fields:

  • Java and later

  • .NET 18.10.35 and later

  • Node 1.35.0

  • Python 1.2.0

  • Ruby 2.0.8


The data supplied in the custom fields are required for Agent configuration and YAML file download. The downloads will be disabled without the data.

Before you begin

  • An Organization Administrator role is required.


  1. Under organization settings, select Applications.

  2. Under Custom fields, for each field enter:

    • Field type: Freeform, Numeric or Point of contact. The type of field determines the type of validation.

    • Name: Enter a label for this field.

      To ensure compatibility with the Contrast APIs, use lower camel-case formatting for custom field names. For example, use businessID, not BusinessID or Business ID.

    • Value condition: Use the checkbox to indicate whether the metadata value provided should be Required or Unique.

  3. Select Add field to complete as many rows as needed.

  4. As you provide information for each field, you will see the formatted property that you can copy and paste into your agent configuration files. Add the information for each key=value pair to the agent configuration file.

  5. To prevent reporting of data for applications that don't include all required fields, select Restrict applications missing required fields. This option applies to new and existing applications in the organization.

    When you select this option, the Contrast web interface displays a warning message if an application is missing a required field in the agent configuration file. The Contrast web interface displays the application, however, the agent reports no data for it, including exercised routes and vulnerabilities.

    If you choose not to restrict applications, any application missing a required field is successfully added and the agent reports data. Contrast displays a warning message that one or more fields are missing.