Skip to main content


Contrast Scan is a static application security testing (SAST) tool that lets you quickly scan code to identify vulnerabilities in early stages of development.

You can use these types of scans:

  • Java binary: Scans Java JAR or WAR files.

  • Source code Scans artifacts for most languages.

  • Local scan engine: Scans artifacts on your local system. Contrast receives the results but you don't upload local code.

Scan tasks

In Contrast Scan, you can:

See also

Scan supported languages