Eclipse Plugin

About Contrast for Eclipse

Contrast provides visibility to vulnerabilities in your applications and protects them against attacks. For applications deployed with the Contrast agent, access vulnerability information directly within your Eclipse IDE. You're directed to the line of code inside Eclipse and can view more details in the Contrast console, allowing you to provide application security feedback to developers right at the time of development for faster remediation.

Supported systems

Eclipse versions:

  • Photon (4.8)
  • Oxygen (4.7)
  • Neon (4.6)

Operating systems:

  • Mac/OS
  • Windows

Setup and Configuration

Step one

  • Download the Contrast plugin from the Eclipse Marketplace by clicking on Help and then Eclipse Marketplace.
  • Search for “Contrast Security”.
  • Click Install.

Step two

  • Open the Contrast View to configure communication to Contrast application.
  • To open and configure the plugin, navigate to Window > Show View > Other.
  • Search for “Contrast”, and add the view that appears in the search.

Step three

  • Once you add the Contrast View, enter your Username, API Key and Service Key in the configuration screen. You can also navigate to the configuration screen by going to Eclipse Preferences and searching for "Contrast".

  • To find your keys in the Contrast application, go to the Your Account section and scroll to the bottom. The Organization ID is available on the API page in Organization Settings (with edit and higher access roles).

Step four

  • Click the button to Add an organization.

Well done! Eclipse is configured to get vulnerability information from Contrast.

Find Vulnerabilities

The Vulnerabilities view in Eclipse shows a list of all the vulnerabilities from Contrast. You can sort and filter them.

For more information, double-click the vulnerability title; or, click on the Go to page button in the Contrast Vulnerabilities tab to go to the Contrast UI.

IntelliJ Plugin

About Contrast for IntelliJ

Contrast provides visibility of vulnerabilities in your applications, and protects your applications against attacks. For applications deployed with the Contrast agent, you can access vulnerability information directly within your IntelliJ IDEA. You're directed to the line of code inside IntelliJ, and can view more details in the Contrast console, which allows you to provide application security feedback to developers right at the time of development for faster remediation.

Supported systems

IntelliJ versions:

  • 2017.1.5 +

Setup and Configuration

Step one

  • Download the Contrast plugin:
    • On Windows, go to File > Settings > Plugins > Browse Repositories.
    • On OSX, go to Preferences > Plugins > Search in Repositories.
  • Search for “Contrast Security”.
  • Click Install.

Step two

  • Configure the Contrast plugin for IntelliJ IDEA:
    • On OSX, go to File > Settings > Contrast.
    • On Windows, go to Preferences > Contrast.
  • Add the TeamServer URL, Username, Service Key, API key, and Organization ID in the given fields.

Note: To find your keys, go to the user menu > Your Account > Profile page in the Contrast UI.

  • Add a new organization by clicking the Add button.

  • Once the plugin is configured, click the refresh button in the Contrast tool window to update the list of vulnerabilities.

Well done! IntelliJ is configured to get vulnerability information from Contrast.

Find Vulnerabilities

The Vulnerabilities view in IntelliJ shows a list of all the vulnerabilities from Contrast. To sort vulnerabilities, click on the column header.

You can also click on the filter (funnel) icon to open the Set Filters dialog.

For more information on a vulnerability, double-click on its entry in the list.

Visual Studio Plugin

About Contrast for Visual Studio

Contrast provides visibility of vulnerabilities in your applications, and protects your applications against attacks. For applications deployed with the Contrast agent, you can access vulnerability information directly within your Visual Studio IDE. You're directed to the line of code inside Visual Studio, and can view more details in the Contrast application, which allows you to provide application security feedback to developers right at the time of development for faster remediation.

Supported systems

Visual Studio versions:

  • 2017 (15.0+)

Setup and Configuration

Step one

  • Go to Tools and select Extensions and Updates.
  • In the new window, select Online from the left navigation panel.
  • Search for "Contrast", and click Download.
  • Once the download is finished, restart the IDE.

Step two

  • Open your IDE options to configure connection settings by going to Tools and selecting Options. Search for "Contrast Security" in the left navigation panel.
  • You can also use the search box in the top right corner by searching for "Contrast Security" and choosing the Contrast Security - Connection option.

Step three

  • In the Connection settings form, fill your Contrast URL, Username and Service Key in the given fields. (To find your service key in the Contrast application, go to the user menu > Your Account > Profile page.)

  • Add a new organization by clicking the Add button and inserting the organization API key. (You can find this key in Contrast application by going to the user menu > Organization Settings > API tab.)

Note: The API key must belong to the organization you want to have access or you'll get Unauthorized errors. This will lock your account after many failed attempts!

  • Click the Load button, select the organization for this API key from the dropdown menu, and click Save.

Step four

  • You can check the connectivity by clicking Test Connection. You can do this after selecting a saved organization or while adding a new one.
  • Click OK once you're finished.

Well done! Visual Studio is configured to get vulnerability information from Contrast.

Find Vulnerabilities

Open the Contrast view by going to View > Other Windows > Contrast Security Integration. You can also search for "Contrast Security Integration" in the search box in the main view. This view in Visual Studio shows a list of all the vulnerabilities from Contrast.

To filter the list, click the Filter button (funnel icon) at the top-left corner of the page. In the window that appears, choose from multiple filters, including servers, applications, severity levels, states and last detected dates.

If you can't see your vulnerabilities list, click the Refresh button. To clear all selected filters, click the Broom button. This also applies for Server and Application lists.

Note: If you can't see your vulnerabilities even after refreshing the list, you must filter your vulnerabilities. You must repeat this process after selecting a different organization in the Connection settings so that filters and vulnerabilities are refreshed correctly.

Under the Actions column, you can use the button on the left (magnifier glass icon) to see more information about the vulnerability. You can use the button to the right (browser link icon) to go to the Vulnerability page in the Contrast application.