
Run Contrast CLI

If you are an Enterprise Contrast user, you can use the Contrast CLI to run SAST scans, find vulnerable libraries, or analyze AWS Lambda functions, and then view the results in Contrast. If you are a CodeSec user, start here.

Before you begin

  • You must be a current Contrast user.

  • You must have the Contrast CLI installed.

  • Familiarize yourself with the Contrast CLI commands.

  • In Contrast, under user menu > User settings > Profile, locate and copy this information:

    • API key

    • Organization ID

    • Authorization header

  • Get the URL of your Contrast host, without a trailing slash. For example: https://app.contrastsecurity.com

Steps

  1. Authenticate.

    Authenticate to store your credentials before scanning for vulnerabilities. Run the following auth command to store your credentials locally:

    contrast auth \
      --api-key <your API key> \
      --authorization <your authorization header> \
      --host <your host domain> \
      --organization-id <your organization ID>
  2. Analyze.

    • Run a SAST scan:

      1. In the terminal, run: contrast scan -f <file name>

      2. In the output, click the link to view the scan results in Contrast.

    • Find vulnerable libraries:

      1. In the terminal, run: contrast audit

      2. If you used the --track flag with the audit command, click the link in the results to open the library view.

    • Find vulnerabilities in your AWS Lambda functions:

      1. In the terminal, run: contrast lambda --function-name <function name> [options]

      2. In the output, review the recommendations and update your policies based on the information provided.
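The steps above, wrapped in a small shell script as an added example (this is not Contrast's own tooling). It reads the API key, authorization header, host and organization ID from environment variables so the secrets are not typed on the command line, where they would end up in shell history and be visible to other local users via ps. The variable names (CONTRAST_API_KEY, CONTRAST_AUTHORIZATION, CONTRAST_HOST, CONTRAST_ORG_ID) and the CONTRAST_BIN override are this example's conventions, not CLI settings; the contrast subcommands and flags are the ones documented on this page. The host is normalized to drop a trailing slash, as the prerequisites require.

```shell
#!/bin/sh
# Added example: run the documented Contrast CLI workflow with credentials
# taken from the environment. Not part of the Contrast CLI itself.
set -eu

# Path to the CLI; overridable so the functions can be exercised with a stub.
CONTRAST_BIN="${CONTRAST_BIN:-contrast}"

# Drop one trailing slash: the CLI expects the host URL without it.
normalize_host() {
  printf '%s' "${1%/}"
}

# $1 = variable name (for the message), $2 = its value. Fails if empty.
require_var() {
  if [ -z "$2" ]; then
    echo "error: $1 is not set" >&2
    return 1
  fi
}

# Step 1: 'contrast auth' with values from the environment.
# Variable names are this example's assumption, not a CLI convention.
contrast_auth_from_env() {
  require_var CONTRAST_API_KEY "${CONTRAST_API_KEY:-}" || return 1
  require_var CONTRAST_AUTHORIZATION "${CONTRAST_AUTHORIZATION:-}" || return 1
  require_var CONTRAST_HOST "${CONTRAST_HOST:-}" || return 1
  require_var CONTRAST_ORG_ID "${CONTRAST_ORG_ID:-}" || return 1
  "$CONTRAST_BIN" auth \
    --api-key "$CONTRAST_API_KEY" \
    --authorization "$CONTRAST_AUTHORIZATION" \
    --host "$(normalize_host "$CONTRAST_HOST")" \
    --organization-id "$CONTRAST_ORG_ID"
}

# Step 2a: SAST scan of one artifact; fail early if the file is missing
# rather than letting the CLI report an unclear error.
contrast_scan_file() {
  if [ ! -f "$1" ]; then
    echo "error: no such file: $1" >&2
    return 1
  fi
  "$CONTRAST_BIN" scan -f "$1"
}

# Step 2b: dependency audit; pass --track to get a link to the library view.
contrast_audit() {
  "$CONTRAST_BIN" audit "$@"
}

# Entry point: `sh contrast-run.sh run <file>` authenticates, scans the file,
# then audits the current directory. Guarded so that sourcing this file for
# its functions runs nothing.
if [ "${1:-}" = "run" ] && [ -n "${2:-}" ]; then
  contrast_auth_from_env
  contrast_scan_file "$2"
  contrast_audit --track
fi
```

Export the four variables from a secrets manager or a file with restrictive permissions before running it; never commit them alongside the script.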