Integrate with Secure Code Warrior

Important

This feature is in beta. This means things might change or act unexpectedly. By using this integration, you agree to the Contrast Beta Terms and Conditions.

Set up an integration with Secure Code Warrior to access contextual training videos and coding exercises within How to Fix for a vulnerability within Contrast and its IDE plugins (e.g. IntelliJ, Eclipse, Visual Studio).

To connect to Secure Code Warrior:

  1. Clone the integrations-scw code repository which is published here: https://github.com/Contrast-Security-OSS/integrations-scw.git.

  2. Login to the Contrast TeamServer in your browser.

  3. Click your name in the top right, and select User settings.

  4. Update the config.json with details about your TeamServer and credentials from the Your Keys section. If EOP, please ensure the url ends in /api/ng/.

  5. Run with python3 contrast_scw.py. It can be run more than once should changes be made, it will overwrite the rule references each time it is run.

This script requires Python3 and organizational admin privileges to run.

Tip

Contrast only supports one set of references per rule. Consider modifying the languages map in the map_contrast_lang_to_scw_lang function within contrast_scw.py function to suit your customer's most popular frameworks in order they receive the most relevant training material. For a list of supported languages run:curl -X GET "https://integration-api.securecodewarrior.com/api/v1/language-keys" -H "accept: text/plain".

Warning

This script will overwrite any manual rule references that you may have added to your Contrast environment in Policy Management > Assess Rules.

 

In this section: