The Contrast .NET Core agent analyzes the behavior of .NET Core web applications as users interact with them. To start analyzing an application, download the .NET Core agent distribution from the Contrast UI, and set up the environment of your applications to use the agent.
To exercise the agent, point your browser to the web application and use it as you normally would: click on links, submit forms using normal data, etc. The .NET Core agent's sensors will gather information about the application's security, architecture and libraries. You can view the results of the agent's analysis in the Contrast UI.
Before installing the .NET Core agent, confirm that you can meet the following requirements:
Note: The .NET Core agent uses the CLR Profiling API to perform data and code flow analysis - detect SQL-injection, XSS, weak cryptography, etc. - as well as to detect libraries and technologies used by analyzed applications. The .NET Core agent, unlike the .NET agent, can't exist alongside other .NET Profiler agents, such as performance or APM tools.
1 The server must have .NET Framework 4.7.0 or above installed; this is only used to start up the agent and connect to the Contrast UI. This requirement doesn't extend to applications that need to be analyzed. The .NET Core agent can analyze web applications that run on a supported CoreCLR Runtime (CLR): CoreClr v. 2.1 and above.
2 The .NET Core agent running in Assess mode roughly doubles the RAM requirements of analyzed applications. Applications should use less than half of the available memory when the .NET agent isn't installed.