With Contrast your applications automatically detect and fix vulnerabilities, identify attacks, and defend themselves. With this POC, I’m checking if it’s worth the money as a product.
-
JDK 1.8 (Tested with Oracle JDK)
-
Maven 3.x+
-
contrast_security.yaml (Download from contrastsecurity.com and put it in /etc/contrast/java)
-
and contrast.jar (Download from contrastsecurity.com and put it in contrast-resource dir in the project)
api:
url: https://ce.contrastsecurity.com/Contrast
api_key: my_api_key
service_key: my_service_key
user_name: my_user_name$ mvn clean compile install$ java -Dcontrast.appname=contrast-security-poc -javaagent:./contrast-resource/contrast.jar -jar target/contrast-security-poc-1.0.0.jarSet the following environment variables
CONTRAST_USERNAME=YOUR_USERNAME
CONTRAST_APIKEY=YOUR_CONTRAST_APIKEY
CONTRAST_SERVICEKEY=YOUR_CONTRAST_SERVICEKEY
CONTRAST_ORG_UUID=YOUR_CONTRAST_ORG_UUID
CONTRAST_APPID=YOUR_CONTRAST_APPID
CONTRAST_APPNAME=YOUR_CONTRAST_APPNAME
CONTRAST_SERVERNAME=YOUR_CONTRAST_SERVERNAMEmvn install -P run-with-contrast$ docker build -t mmahmood/contrast-agent:latest -f Dockerfile-contrast-agent .
$ docker push mmahmood/contrast-agent:latest$ mvn clean compile package
$ mvn dockerfile:build
$ docker push mmahmood/contrast-security-poc:latest$ docker build -t mmahmood/contrast-security-poc-with-contrast-agent:latest --build-arg JAR_FILE=target/contrast-security-poc.jar -f Dockerfile-app-with-contrast-agent .
$ docker push mmahmood/contrast-security-poc-with-contrast-agent:latest