Register applications with the Contrast CLI
After you install the Contrast CLI, register your applications so that their results appear in Contrast.
Tip
You may want to invoke the Contrast CLI as part of your automated build process.
Locate your application ID. The application ID is the last URI segment in the Contrast URL in your browser.
Locate your keys. You will need:
API key
Organization ID
Authorization header
Server host name from the Contrast URL
Note
You only need to enter the server host name. For example, if the Contrast URL is https://app.contrastsecurity.com/file/path/, just enter:
--host app.contrastsecurity.com
To begin analysis, use one of these options:
Replace <APIKey>, <AuthorizationKey>, <OrganizationId>, <Host> and <ApplicationId> with your API key, authorization header, organization ID, host name and application ID, then run the CLI.
contrast-cli \
  --api_key <APIKey> \
  --authorization <AuthorizationKey> \
  --organization_id <OrganizationId> \
  --host <Host> \
  --application_id <ApplicationId>
Place credentials within a YAML file, using the same replacements:
cli:
  api_key: <APIKey>
  authorization: <AuthorizationKey>
  organization_id: <OrganizationId>
  host: <Host>
  application_id: <ApplicationId>
Replace <path/to/yaml> with your YAML path, and run this command to initiate:
contrast-cli --yaml_path <path/to/yaml>
Note
If your connection must go through a communication protocol such as Transport Layer Security (TLS), add the following parameters to the YAML file:
key: pathToKey
cert: pathToCert
cacert: pathToCaCert
After you see a success message, you are ready to view the dependency tree.
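For an automated build, the YAML option keeps the API key and authorization header off the command line, where other local users and build logs could see them. The following is an added example, not part of the Contrast documentation or tooling: it derives the host name and application ID from the Contrast URL as described above, writes the YAML file readable by its owner only, and removes it after the run. The environment variable names, function names and the application ID alphabet are assumptions.

```shell
#!/bin/sh
# Added example, not Contrast's own script. CONTRAST_API_KEY,
# CONTRAST_AUTHORIZATION and CONTRAST_ORG_ID are assumed variable names:
# export them from your CI secret store. Function names are hypothetical.

# Reduce a Contrast URL to the bare server host name that "host:" expects.
contrast_host_from_url() {
    h=${1#*://}                 # drop the scheme, if any
    h=${h%%/*}                  # drop the path
    case $h in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;   # empty or unexpected characters
    esac
    printf '%s\n' "$h"
}

# The application ID is the last URI segment of the Contrast URL.
contrast_app_id_from_url() {
    a=${1%/}                    # tolerate one trailing slash
    a=${a##*/}
    case $a in
        ''|*[!A-Za-z0-9-]*) return 1 ;;    # assumed alphabet: letters, digits, hyphen
    esac
    printf '%s\n' "$a"
}

# $1 = YAML path to create, $2 = application URL copied from the browser.
write_contrast_yaml() {
    for v in "${CONTRAST_API_KEY:-}" "${CONTRAST_AUTHORIZATION:-}" "${CONTRAST_ORG_ID:-}"; do
        [ -n "$v" ] || return 1            # refuse to write a blank credential
    done
    host=$(contrast_host_from_url "$2") || return 1
    app_id=$(contrast_app_id_from_url "$2") || return 1
    rm -f -- "$1"                          # a pre-existing file would keep its old mode
    ( umask 077                            # new file is readable by the owner only
      printf 'cli:\n  api_key: %s\n  authorization: %s\n  organization_id: %s\n  host: %s\n  application_id: %s\n' \
          "$CONTRAST_API_KEY" "$CONTRAST_AUTHORIZATION" "$CONTRAST_ORG_ID" "$host" "$app_id" > "$1" )
}

# Build step: write the file, run the CLI, then remove the credentials from disk.
register_app() {
    write_contrast_yaml "$1" "$2" || return 1
    rc=0
    contrast-cli --yaml_path "$1" || rc=$?
    rm -f -- "$1"
    return "$rc"
}
```

Call register_app from the build step with a path inside the job's private workspace and the application URL.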
Tip
It is possible to add a new application to Contrast without instrumenting the application by using the --catalogue_application and --application_name options. However, it is best to instrument the application so that the library score and library grid are populated in Contrast.
For example:
contrast-cli \
  --catalogue_application \
  --api_key <YourApiKey> \
  --authorization <YourAuthorizationKey> \
  --organization_id <YourOrganizationID> \
  --host <YourHost> \
  --application_name <YourApplicationName> \
  --language <YourApplicationLanguage>
Replace <YourApiKey> with your API key, <YourAuthorizationKey> with the authorization header, <YourOrganizationID> with your organization ID, <YourHost> with your host name, <YourApplicationName> with your application name, and <YourApplicationLanguage> with your application language. Allowable language values are JAVA, DOTNET, NODE, PHP, PYTHON, RUBY, and GO.
You will know the catalogue operation was successful if an application ID is displayed in the console.
Note
You can also register an application and create an SBOM report at the same time with a set of CLI commands.