Scan (beta)

Contrast Scan is a static application security testing (SAST) tool that makes it easy for you to find and remediate vulnerabilities. It is a valuable tool to use during the development phase of an application.

To scan an application, you upload binary code to a Contrast secure environment. After you upload the code, you start the scan. The scan observes the data flows in the code and identifies coding flaws that could allow malicious attacks. Examples of such attacks include SQL injection, command injection, and server-side injection.

The scan results identify vulnerabilities in custom code. After you fix these issues, running the scan again verifies that the code changes removed one or more of the vulnerabilities.

No open source code or libraries are included in the scan.

Scan functionality

  • Ability to create scan groups that enable you to track scan results

  • Scan settings that let you change the name of a scan and the method for discovering custom code

  • Starting or stopping scans

  • Views of identified vulnerability details

  • Ability to run a scan again for a specific scan group after you revise your code

  • Monitoring of scan progress and history

Supported languages

Scan supports the following languages:

  • Java (for example: J2EE, JSP, Spring MVC, and so forth)

    • Binary files only

  • JavaScript client-side (React)

    • Bundled code