Run Contrast CLI
If you are an Enterprise Contrast user, you can use the Contrast CLI to run scans or find vulnerable libraries and view results in Contrast. If you are a CodeSec user, start here.
Before you begin
You must be a current Contrast user.
You must have the Contrast CLI installed.
Familiarize yourself with the Contrast CLI commands.
In Contrast, under user menu > User settings > Profile, locate and copy this information:
API key
Organization ID
Authorization header
Get the URL of your Contrast host domain, for example https://app.contrastsecurity.com (with no trailing slash).
Steps
Authenticate.
Authenticate to store your credentials before scanning for vulnerabilities. Run the following auth command to store your credentials locally:

contrast auth --api-key <your API key> --authorization <your authorization header> --host <your host domain> --organization-id <your organization ID>

Analyze.
Run a SAST scan: In the terminal, type the following command:

contrast scan -f <file name>

In the results, click the link to view the scan results.

Find vulnerable libraries: In the terminal, type the following command:

contrast audit

If you used the --track flag with the audit command, click the link in the results to open the library view.

Find vulnerabilities in your AWS Lambda functions: In the terminal, type the following command:

contrast lambda --function-name [option]

In the results, review any recommendations and update policies based on the provided information.
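The following POSIX shell wrapper is an added example of scripting the steps above; it is not part of the Contrast CLI or its documentation. It assumes the four credentials are supplied through environment variables named CONTRAST_API_KEY, CONTRAST_AUTHORIZATION, CONTRAST_HOST and CONTRAST_ORG_ID (names chosen for this example) so that the API key and authorization header are not typed on an interactive command line, and it enforces the host format the docs require (an https URL with no trailing slash) before calling contrast auth, contrast scan and contrast audit --track. Only the flags shown on this page are used.

```shell
#!/bin/sh
# Added example: drives the auth / scan / audit steps from environment
# variables. Not Contrast's own tooling; variable names are assumptions.

# Strip trailing slashes. The docs require a host like
# https://app.contrastsecurity.com with no trailing slash.
normalize_host() {
  printf '%s' "$1" | sed 's:/*$::'
}

# Succeed only for an https URL that does not end in a slash.
validate_host() {
  case "$1" in
    */)         return 1 ;;   # trailing slash is rejected
    https://?*) return 0 ;;
    *)          return 1 ;;   # empty, http://, or no scheme
  esac
}

# Succeed when every required setting is non-empty; otherwise list the
# missing variable names on stderr and fail.
check_settings() {
  missing=""
  for name in CONTRAST_API_KEY CONTRAST_AUTHORIZATION CONTRAST_HOST CONTRAST_ORG_ID; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="$missing $name"
  done
  if [ -n "$missing" ]; then
    echo "missing settings:$missing" >&2
    return 1
  fi
  return 0
}

# Full flow: validate settings, authenticate, scan the given artifact, then
# audit libraries with --track so the result links to the library view.
# Returns 2 when the contrast CLI is not on PATH, 1 on any failed step.
run_contrast_flow() {
  artifact=$1
  check_settings || return 1
  host=$(normalize_host "$CONTRAST_HOST")
  validate_host "$host" || { echo "bad host: $host" >&2; return 1; }
  command -v contrast >/dev/null 2>&1 || { echo "contrast CLI not installed" >&2; return 2; }
  contrast auth --api-key "$CONTRAST_API_KEY" \
    --authorization "$CONTRAST_AUTHORIZATION" \
    --host "$host" --organization-id "$CONTRAST_ORG_ID" || return 1
  contrast scan -f "$artifact" || return 1
  contrast audit --track
}

# Usage: ./contrast_flow.sh <file name>   (credentials exported beforehand)
if [ -n "${1:-}" ]; then
  run_contrast_flow "$1"
fi
```

Export the four variables from a secrets manager or a CI secret store rather than a checked-in file; the script itself never echoes them, and a trailing-slash host is corrected before authentication instead of producing a confusing failure from the CLI.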