Skip to main content

Use Assess CLI with Java agents

Use this procedure if you are using Contrast Java agents and want to use the CLI to find vulnerabilities while running API or end-to-end testing.

Before you begin

Steps

  1. To install the latest Java agent , download it from from Maven Central.

    Important

    Do not create a configuration (YAML) file for the agent. The Assess CLI generates this file automatically.

  2. Open a terminal window and enter the Assess CLI command:

    contrast assess

    This command generates the agent configuration file that the Contrast CLI and the agent share. CLI commands describes the options for this command, including the path for the configuration file.

    You see output similar to this:

    ✔Configuration file found at "user_path"

    ⠼ Waiting for the session to be created.

  3. In your IDE or a second terminal window. run your application with this command:

    java -javaagent:<YourContrastJarPath> -jar <AppName>.jar

    Alternative methods:

    • IntelliJ: Modify the run configuration to include the following command as a VM argument:

      -javaagent:<YourContrastJarPath>

      Replace <YourContrastJarPath> with the path for the Java agent's contrast.jar file.

      Using the updated run configuration automatically runs your Java application with the Contrast agent.

    • VS code: Modify vmArgs setting in your launch configuration to include the following command as a VM argument:

       -javaagent:<YourContrastJarPath>

      Replace <YourContrastJarPath> with the path for the Java agent's contrast.jar file.

      Add the agent under the vmArgs setting

  4. Exercise your application, either interactively or using automated API or end-to-end tests.

  5. View the results in the terminal window where you entered the Assess CLI command.

In this section: