Skip to main content

Use Assess CLI with Ruby agents

Use this procedure if you are using Contrast Ruby agents and want to find vulnerabilities while running API or end-to-end testing..

Before you begin

Steps

  1. Add this entry to your gemfile:

    gem 'contrast-agent'

  2. Install or update your agent:

    • Install the agent with this command:

      bundle install

    • Update the agent with this command:

      bundle update contrast-agent

    Important

    Do not create a configuration (YAML) file for this agent. The Assess CLI creates this file automatically.

  3. Configure middleware (Grape, Rails, or Sinatra)

    • Grape: Add the middleware directly to your application class extending the Grape::API or to your config.ru file if a class is not available.

      require 'contrast-agent'
use Contrast::Agent::Middleware, true

    • Rails: No code change required.

    • Sinatra: Add the middleware directly to your application class extending the Sinatra::Base or to your config.ru file if a class is not available.

      require 'contrast-agent'
use Contrast::Agent::Middleware, true

  4. Verify that autoconf is installed on the system where you will run the agent.

  5. Open a terminal window and enter the Assess CLI command:

    contrast assess

    This command generates the agent configuration file that the Contrast CLI and the agent share. CLI commands describes the options for this command, including the path for the configuration file.

    You see output similar to this:

    ✔Configuration file found at "user_path"

    ⠼ Waiting for the session to be created.

  6. Run your application using your IDE or a second terminal window.

  7. Exercise your application, either interactively or using automated API or end-to-end tests.

  8. In the terminal window where you entered the Assess CLI command, view the results.

In this section: