Beginning with Java agent version 3.6.3.8220, Contrast releases each version of its Java agent to Maven Central using group ID com.contrastsecurity and artifact ID contrast-agent. Go to com.contrastsecurity:contrast-agent to see the releases on Maven Central.

Although the jar file you can download from the Contrast UI is preconfigured with connection parameters, you must provide Contrast connection parameters using the agent configuration properties when using the contrast-agent.jar from Maven Central.

To learn how to download the Contrast agent from Maven Central, use the following guides:

• Add the Agent to a Maven Project
• Add the Agent to a Gradle Project with Docker
• Schedule Automatic Updates on Linux

Contrast artifacts deployed to Maven Central are signed with our GPG key hosted on pgp.key-server.io.

Debian Linux users may install the Contrast Java agent using the Contrast Debian repository.

• Use the following commands to configure your system to retrieve packages:

curl https://pkg.contrastsecurity.com/api/gpg/key/public | sudo apt-key add -
echo "deb https://pkg.contrastsecurity.com/debian-public/ all contrast" | sudo tee /etc/apt/sources.list.d/contrast-all.list

• Once you've finished configuration, install the Contrast Java agent:

sudo apt-get update && sudo apt-get install contrast-java-agent

• The Contrast Java agent jar is now installed at /opt/contrast/contrast-agent.jar.

Although the jar file you can download from the Contrast UI is preconfigured with connection parameters, you must provide Contrast connection parameters using the agent configuration properties when using the contrast-agent.jar from the Debian repository.

Red Hat Enterprise Linux (RHEL) and CentOS users may install the Contrast Java agent using the Contrast RPM repository.

• Use the following commands to configure your system to retrieve packages from the Contrast RPM repository:

OSREL=$(rpmquery -E "%{rhel}")
sudo -E tee /etc/yum.repos.d/contrast.repo << EOF
[contrast]
name=contrast repo
baseurl=https://pkg.contrastsecurity.com/rpm-public/centos-$OSREL/
gpgcheck=0
enabled=1
EOF

• Once you've finished configuration, install the Contrast Java agent:

sudo yum install contrast-java-agent

• The Contrast Java agent jar is now installed at /opt/contrast/contrast-agent.jar.

Although the jar file you can download from the Contrast UI is preconfigured with connection parameters, you must provide Contrast connection parameters using the agent configuration properties when using the contrast-agent.jar from the Contrast RPM repository.

To install the Java agent from the Contrast UI, complete the following steps:

• Log in to the Contrast UI.
• Click the button in the top navigation bar to Add Agent.
• Select the Java agent in the dropdown menu, and click the button to Download Agent. You may need to specify proxy authentication information required by your network before downloading the agent.

• After download, add a JVM parameter to install the Java agent.

Example: java -javaagent:contrast.jar -jar <app-name>.jar

To see examples for specific technologies, go to the Server Configuration page, and select the article for the container you want to use.

To start analyzing an application, use the web application as you normally would in your browser: click on links, submit forms using normal data, etc. The sensors of the Contrast Java agent will gather information about the application’s security, architecture and libraries. You can view the results of the agent’s analysis in the Contrast UI.

If you want to download the agent and test with WebGoat, Contrast has a public repository to help you get started.