Installation and authorization
Connect your GitHub account to see vulnerable third-party libraries. Once connected, you can monitor PR summaries and analysis triggers, and view them here in Contrast.
Note
There is another method for monitoring vulnerabilities in Contrast. Integrate Contrast with GitHub to view vulnerabilities in projects.
Contrast and GitHub secrets
Contrast cannot read GitHub secrets, even though the screen shows READ/WRITE secrets; that is only a readout of the token names.
You will need the following credentials from your Contrast account to create the secrets in GitHub. You can find them in Contrast under user menu > User settings > Profile.
API key (CONTRAST_API_KEY)
Organization ID (CONTRAST_ORGANIZATION_ID)
Authorization header (CONTRAST_AUTH_HEADER)
You will also need the address of the Contrast installation to which your agent should report (CONTRAST_API_URL). Defaults to: https://app.contrastsecurity.com.
The Contrast Security GitHub App creates repository secrets and action variables for use in the workflow so results are sent to the correct Contrast account. Closing a PR requires manually deleting these secrets and variables. You can find the secrets and variables under the /settings/secrets/actions page of your GitHub account.
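As an added example (not part of Contrast's documentation or the App's own workflow), the following GitHub Actions job checks that the secrets and variables listed above are present before any Contrast step runs, so a deleted or missing value fails fast with a clear message instead of sending results to the wrong place. It assumes the three credentials are repository secrets and CONTRAST_API_URL is a repository variable; the page does not state which the App uses for each, so adjust to match your repository.

```yaml
# Added example, not Contrast's own code: pre-flight check for the
# CONTRAST_* secrets and variables the GitHub App is expected to create.
# Assumption: credentials are secrets, CONTRAST_API_URL is a variable.
name: Contrast pre-flight
on: [pull_request]
permissions:
  contents: read          # least privilege; this job needs nothing else
jobs:
  check-contrast-config:
    runs-on: ubuntu-latest
    steps:
      - name: Verify Contrast credentials are configured
        # Scope the secrets to this single step rather than the whole job.
        env:
          CONTRAST_API_KEY: ${{ secrets.CONTRAST_API_KEY }}
          CONTRAST_ORGANIZATION_ID: ${{ secrets.CONTRAST_ORGANIZATION_ID }}
          CONTRAST_AUTH_HEADER: ${{ secrets.CONTRAST_AUTH_HEADER }}
          CONTRAST_API_URL: ${{ vars.CONTRAST_API_URL || 'https://app.contrastsecurity.com' }}
        run: |
          set -eu
          missing=0
          for name in CONTRAST_API_KEY CONTRAST_ORGANIZATION_ID CONTRAST_AUTH_HEADER; do
            # Report only the name, never the value: GitHub masks secrets in
            # logs, but echoing them is still a bad habit.
            if [ -z "${!name:-}" ]; then
              echo "::error::$name is not set; re-install the Contrast GitHub App or recreate the secret"
              missing=1
            fi
          done
          # The reporting endpoint must be HTTPS so credentials never go over plaintext.
          case "$CONTRAST_API_URL" in
            https://*) ;;
            *) echo "::error::CONTRAST_API_URL must be an https:// URL, got: $CONTRAST_API_URL"; missing=1 ;;
          esac
          [ "$missing" -eq 0 ] || exit 1
          echo "Contrast credentials present; reporting to $CONTRAST_API_URL"
```

Run this as a separate job that your Contrast analysis job depends on (via `needs:`), so the analysis step is skipped entirely when configuration is missing.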
Before you begin
Make sure you have access to the Contrast web interface.
Make sure you are logged in to your GitHub account.
Steps
To install from within Contrast:
Log in to Contrast and select Add New at the top right.
Select the Connect GitHub option and click Next.
On the install screen, select either to connect all the repositories or specific repositories.
Enter the URL of your Contrast host domain. For example, https://app.contrastsecurity.com.
Select Install and wait for the connection to be established between Contrast and GitHub.
Select Authorize to finalize the connection and to onboard your repositories.
Once complete, you can view your repository analysis results on the Projects list.
To install from the GitHub Marketplace:
Go to the Contrast Security GitHub app on the GitHub Marketplace.
Select Install it for free.
Follow the steps to install and connect Contrast with your repositories.
Once complete, you can view your repository analysis results on the Projects list.