Skip to main content

Use Contrast

The way you interact with Contrast depends on your particular situation, the tools and integrations you use, your roles and permissions, and whether you are accessing Contrast through the web interface, command line tools or the REST API.


All commands used in this guide should be run in a command shell with administrative privileges from the directory in which Contrast was installed.

The majority of Contrast users will likely be assigned an Editor role. (You can see what permission level you have under user settings.)

With Editor permissions you can instrument an application and start viewing results in Contrast. You can also interact with the basic components of Contrast (all visible in the header of the web interface):

  • Applications

    View a searchable list of an organization’s applications. License, merge, tag, archive and restore applications.

  • Servers

    View a searchable list of an organization’s servers. Designate server environment, enable Assess and Protect, settings, tagging and deleting.

  • Libraries

    View a searchable list of libraries being used by all the applications in an organization. Use tags and view statistics for known vulnerabilities present in libraries and high-risk libraries.

  • Vulnerabilities

    View a searchable list of vulnerabilities discovered. You can view this list for each application in an organization. Mark status, merge, share, tag, and export vulnerabilities. View details of any vulnerability for more information and guidance for fixing it.

  • Attacks

    View a searchable list of attacks that are occurring or have occurred on all the applications in an organization. View attacks at the highest level or delve into the individual attack events.

You can also use other features and tools to enhance your Contrast experience:

  • Reports

    Collect data and export as a CSV or PDF to share it outside of Contrast.

  • Integrations

    Use Contrast in conjunction with other tools like bugtrackers, build tools, application servers, Security Incident Event Management (SIEM), notifications and chat.

  • Contrast CLI

    Perform software composition analysis (SCA) on your application to show you the dependencies between open-source libraries.

Although most of the configuration for these features requires system, organization or RulesAdmin permissions, an Editor can: