Use Contrast

The way you interact with Contrast depends on your particular situation, the tools and integrations you use, your roles and permissions, and whether you are accessing Contrast through the web interface, command line tools or the REST API.

Note

All commands used in this guide should be run in a command shell with administrative privileges from the directory in which Contrast was installed.

The majority of Contrast users will likely be assigned an Editor role. (You can see what permission level you have under user settings.)

With Editor permissions, you can instrument an application, start viewing results in Contrast, and interact with the basic components of Contrast (all visible in the header of the web interface):

Note

If your organization has the new role-based access control turned on, your administrator can tell you what permissions you have and what you can access.

  • Projects

    View projects and findings for open source software after you run the CLI on a manifest, or you connect a GitHub, Bitbucket, or GitLab account to your Contrast organization.

  • Applications

    View a searchable list of an organization’s applications. License, merge, tag, archive and restore applications.

  • Scans

    Run static scans and view results for Java binaries and multi-language source code using SAST technology.

  • Servers

    View a searchable list of an organization’s servers. Designate the server environment, enable Assess and Protect, change settings, and tag or delete servers.

  • Libraries

    View a searchable list of libraries being used by all the applications in an organization. Use tags and view statistics for known vulnerabilities present in libraries and high-risk libraries.

  • Vulnerabilities

    View a searchable list of vulnerabilities discovered. You can view this list for each application in an organization. Mark status, merge, share, tag, and export vulnerabilities. View details of any vulnerability for more information and guidance for fixing it.

  • Attacks

    View a searchable list of attacks that are occurring or have occurred on all the applications in an organization. View attacks at the highest level or delve into the individual attack events.

You can also use other features and tools to enhance your Contrast experience:

  • Reports

    Collect data and export as a CSV or PDF to share it outside of Contrast.

  • Integrations

    Use Contrast in conjunction with other tools like bug trackers, build tools, application servers, security information and event management (SIEM), notifications and chat.

  • Contrast CLI

    Perform software composition analysis (SCA) on your application to show you the dependencies between open-source libraries.

Although most of the configuration for these features requires system, organization or RulesAdmin permissions, an Editor can: