Skip to main content

Security analysis

Use Contrast CLI to perform security analysis.

Run a SAST scan

  1. In the terminal, type the following code: contrast scan -f <file name>.

  2. In the results click the link to view the scan results.

Find vulnerable libraries

  1. In the terminal, type the following code: contrast audit.

  2. If you used the --track flag with the audit command, click the link in the results to open the library view.

Find vulnerabilities in your AWS lambda functions

  1. In the terminal, type the following code: contrast lambda--function-name [option].

  2. In the results, review any recommendations and update policies based on the provided information.

Find vulnerabilities with Contrast Assess

  1. Install or update a Contrast agent:

  2. In the terminal, type the following code: contrast assess

    This command generates the agent configuration file that the Contrast CLI and the agent share. The default locations for the configuration file are:

    • MacOS and Linux


    • Windows


    You have the option of specifying a different location with --config-path.


    If your user does not have write permissions to the directory where the configuration file is located, use sudo or a similar mechanism to create the folder. For example:

    sudo mkdir /etc/contrast

    Then, grant all users read and write permissions. For example:

    sudo chmod 777 /etc/contrast
  3. Run your application in your IDE or a second terminal window.

  4. Exercise your application, either interactively or using automated API or end-to-end tests.

  5. View the results in the terminal where you entered the Contrast Assess CLI command.