Scan types and monitoring

This scan automatically scans, in close to real-time, relevant static code and configuration assessments to discover new vulnerabilities in the following categories:

The scan has no permanent effect on your code.

This scan type looks at dynamic assessments based on a specific update introduced to the tested environment. These scans are invoked with S3, API Gateway, and Dynamo DB functions.

It executes automatically, close to real-time, providing dynamic assessments, based on the specific update introduced to the tested environment. The dynamic scans are based on the interpretation of the OWASP Top 10 benchmark. For example:

During a dynamic scan, Contrast tries to send malicious input to the code and then, exercises the code to discover vulnerabilities. This action does not affect your code, however, a scanned function is invoked.

Instrumented Dynamic analysis

This option is recommended for selection when specifying scan settings.

In AWS accounts, instrumented dynamic analysis uncovers all exploitable AWS Lambda functions. With support for the latest AWS Lambda services you can uncover security issues in AWS Step Functions – a service that coordinates multiple Lambda functions into flexible workflows.

Uncover OWASP Top Ten vulnerabilities including:

In addition, it provides improved AWS account observability and increased security coverage by uncovering all serverless account assets including unused functions (shadow functions). These unused functions are usually not maintained and contain outdated dependencies leading to potential vulnerabilities.

Once you connect to an account from Contrast, Contrast Serverless monitors this account. As you make changes to your functions' code or configurations, Contrast automatically initiates a new scan.