npm install --global @contrast/contrast

Note: CodeSec supports Node version 18

Download the latest build binary for your operating system.

*Depending on your operating system you may need to allow execute permissions on the file.

Run SCA audit to scan for vulnerable libraries with the following command.

contrast audit

contrast audit --help for options

GitHub action is available to automate SCA as part of your pipeline.

    Need help getting started?

Supported languages:

Scan up to 50 projects per month

Run the following command to scan your source code (SAST). Contrast will search for .jar, .war, .js, .EXE or .zip files.

contrast scan

Ensure you have the correct AWS policies enabled first then run the following command to scan your serverless AWS Lambda functions.  

contrast lambda --function-name

contrast lambda --help for options.

    Need help getting started?

Supported languages:

You get FOR FREE
Unlimited tests, no concurrency of scanning

Analyze your application with a Contrast agent to expose vulnerabilities during runtime testing. (API or end-to-end).

A.  Install the Contrast agent  for your relevant language.

Supported languages:
Click on the icon to see language-specific instructions.

The Contrast CodeSec CLI is a Node.js application that is installed globally on your laptop.

B. Run this command

contrast assess

This command generates the agent configuration file that the Contrast CLI and the agent share.

You see this output:

✔ Application registered.

⠼ Waiting for the session to be created.

C. Run your application using your IDE or a second terminal window.

D. Exercise your application, either interactively or using automated API or end-to-end tests.

E. In the terminal window where you entered the Assess CLI command, view the results.

contrast assess --help for options.

Ctrl-C  in the terminal windows to stop the application.

If you do not have write permissions to the directory you can use sudo or some other mechanism to create the folder and grant all users read/write permissions. Example:

sudo mkdir /etc/contrast 
sudo chmod 777 /etc/contrast

    Need further help getting started?

You get to try out Contrast IAST on
1 application with 1 Assess license.
across a few languages.

To hear more about a better plan to suit your team contact us here