Beginning with Java agent version 3.6.3.8220, Contrast releases each version of its Java agent to Maven Central using group ID com.contrastsecurity
and artifact ID contrast-agent
. Go to com.contrastsecurity:contrast-agent to see the releases on Maven Central.
Although the jar file you can download from the Contrast UI is preconfigured with connection parameters, you must provide Contrast connection parameters using the agent configuration properties when using the contrast-agent.jar from Maven Central.
To learn how to download the Contrast agent from Maven Central, use the following guides:
Debian Linux users may install the Contrast Java agent using the Contrast Debian repository.
curl https://pkg.contrastsecurity.com/api/gpg/key/public | sudo apt-key add -
echo "deb https://pkg.contrastsecurity.com/debian-public/ all contrast" | sudo tee /etc/apt/sources.list.d/contrast-all.list
sudo apt-get update && sudo apt-get install contrast-java-agent
/opt/contrast/contrast-agent.jar
.Although the jar file you can download from the Contrast UI is preconfigured with connection parameters, you must provide Contrast connection parameters using the agent configuration properties when using the contrast-agent.jar from the Debian repository.
Red Hat Enterprise Linux (RHEL) and CentOS users may install the Contrast Java agent using the Contrast RPM repository.
OSREL=$(rpmquery -E "%{rhel}")
sudo -E tee /etc/yum.repos.d/contrast.repo << EOF
[contrast]
name=contrast repo
baseurl=https://pkg.contrastsecurity.com/rpm-public/centos-$OSREL/
gpgcheck=0
enabled=1
EOF
sudo yum install contrast-java-agent
/opt/contrast/contrast-agent.jar
.Although the jar file you can download from the Contrast UI is preconfigured with connection parameters, you must provide Contrast connection parameters using the agent configuration properties when using the contrast-agent.jar from the Contrast RPM repository.
To install the Java agent from the Contrast UI, complete the following steps:
Example:
java -javaagent:contrast.jar -jar <app-name>.jar
To see examples for specific technologies, go to the Server Configuration page, and select the article for the container you want to use.
To start analyzing an application, use the web application as you normally would in your browser: click on links, submit forms using normal data, etc. The sensors of the Contrast Java agent will gather information about the application’s security, architecture and libraries. You can view the results of the agent’s analysis in the Contrast UI.
If you want to download the agent and test with WebGoat, Contrast has a public repository to help you get started.