Contrast Visual Studio plugin

Use the Visual Studio plugin to see vulnerability information for instrumented applications from the Visual Studio IDE.

The plugin directs you to a line of code inside Visual Studio, and you can view related details in the Contrast application. This way developers can get application security feedback at the time of development for faster remediation.

The plugin supports Visual Studio versions 2017 (15.0 and later) and 2019.

To install, configure and use the Visual Studio plugin:

  1. In Visual Studio, go to Tools and select Extensions and Updates.

  2. In the new window, select Online from the left navigation panel.

  3. Search for "Contrast", and select Download.

  4. After you finish the download, restart the IDE.

  5. In Visual Studio, go to Tools > Options.

  6. In the search, enter "Contrast Security" and select Contrast Security - Connection.

  7. In the Contrast Connection form, add the Contrast URLUsernameService keyAPI key and Organization ID in the appropriate fields. You can find these in your profile.

    Note

    The API key must belong to the organization you want to access or you'll get authorization errors. After many failed attempts, this will lock your account.

  8. Select Add. Visual Studio automatically tests the connection as it attempts to retrieve the organization from Contrast.

  9. Select the organization in the Organizations field, and select OK.

  10. In Visual Studio, go to View > Other Windows > Contrast Security Integration. You can also search for "Contrast Security Integration". This view shows a list of all the vulnerabilities from Contrast.

  11. To filter the list, click the Filter icon at the top-left corner of the page.

  12. In the window that appears, choose from multiple filters, including servers, applications, severity levels, states and last detected dates.

  13. If you can't see your vulnerabilities list, select Refresh. To clear all selected filters, click the Clear icon. This also applies for Server and Application lists.

    Note

    If you can't see your vulnerabilities even after refreshing the list, you must filter your vulnerabilities. You must repeat this process after selecting a different organization in the Connection settings so that filters and vulnerabilities are refreshed correctly.

  14. Under the Actions column, you can click the magnifying glass icon to see more information about the vulnerability. Use the icon to go to the Vulnerability page in Contrast.