Skip to main content

Create requests for application metadata

You can configure requests for application metadata that is collected whenever you add a new application to Contrast.

When you install and configure an agent, you are prompted to enter metadata for the fields you create and to add the information in the agent configuration file. The metadata is then displayed in the Applications list, where you can also use it to filter applications, and the application's Details page in the Contrast web interface.

Note

The following agent versions support application metadata fields:

  • Java 3.5.6.591 and later

  • .NET 18.10.35 and later

  • Node 1.35.0

  • Python 1.2.0

  • Ruby 2.0.8

Important

The data supplied for application metadata is required for Agent configuration and YAML file download. The downloads will be disabled without the data.

Steps

  1. Under organization settings, select Applications.

  2. Under Application metadata, for each field enter:

    • Field type: Freeform, Numeric or Point of contact. The type of field determines the type of validation.

    • Name: Enter a label for this field.

      To ensure compatibility with the Contrast APIs, use lower camel-case formatting for application metadata names. For example, use businessID, not BusinessID or Business ID.

    • Value condition: Use the checkbox to indicate whether the metadata value provided should be Required or Unique.

  3. Select Add field to complete as many rows as needed.

  4. As you provide information for each field, you will see the formatted property that you can copy and paste into your agent configuration files. Add the information for each key=value pair to the agent configuration file.

  5. To prevent reporting of data for applications that don't include all required fields, select Restrict applications missing required fields. This option applies to new and existing applications in the organization.

    When you select this option, the Contrast web interface displays a warning message if an application is missing a required field in the agent configuration file. The Contrast web interface displays the application, however, the agent reports no data for it, including exercised routes and vulnerabilities.

    If you choose not to restrict applications, any application missing a required field is successfully added and the agent reports data. Contrast displays a warning message that one or more fields are missing.