Use CLI for open source library analysis

The Contrast CLI lets you analyze open source libraries for vulnerabilities and returns the results.

By default, the CLI doesn't store the results locally. To maintain persistent data, use the CLI --track option to send the results to the Contrast web interface.

Before you begin

Steps

  1. Store your Contrast credentials locally with this command in a terminal window:

    contrast auth --api-key <ContrastAPIKey> --authorization <ContrastAuthorizationHeader> --host <YourHostDomain> --organization-id <ContrastOrganizationID>

    Get the Contrast API key, the authorization header, and the organization ID by logging in to the Contrast web interface and selecting user menu > User settings.

  2. Find vulnerable libraries by using this command in a terminal window:

    contrast audit [option]

    • Use the --track option to send persistent results to the Libraries Static tab in the Contrast web interface.

    • Use the --file option to specify a directory or file to audit.

    CLI commands describes all the valid options for the audit command.

Next steps