APPLICATION LIFECYCLE INTEGRATIONS

ASSIST DEVELOPERS IN STREAMLINING APPLICATION SECURITY CHALLENGES BY PROVIDING CONTEXT ABOUT APPLICATION VULNERABILITIES WHILE PROVIDING ACTIONABLE FIX GUIDANCE WHERE DEVELOPERS ALREADY WORK.

OBSERVABILITY THROUGH THE APPLICATION LIFECYCLE

Application-life-cycle-integration-3

IDE / CODE EDITORS

LEARN ABOUT AND REMEDIATE SECURITY RISKS

Contrast’s integration with IDE/Code editors empowers developers to act on clear advice to remediate custom code vulnerabilities.

visual-1
VISUAL STUDIO CODE

Contrast’s integration with Visual Studio Code enables dev teams to see vulnerabilities by severity and status directly from the plugin including granular details and fix recommendations.

 

visual-2
VISUAL STUDIO

Visual Studio in combination with Contrast enables teams to see vulnerabilities directly from the plugin for faster remediation. Developers gain visibility and vulnerability insights on the line of code in the Contrast Vulnerability tab.

visual-3
VISUAL STUDIO FOR MAC

Provides vulnerability details by severity, application, status and history enabling dev teams to pull and coordinate information from the Contrast Platform to gain granular details and activity status.

inteluj
INTELLIJ

The Contrast and IntelliJ integration displays vulnerabilities from instrumented applications pulled from the Contrast Platform. For in-depth vulnerability information, use the Contrast Platform UI to drill down on affected lines of code for detailed vulnerability information.

eglips
ECLIPSE

Vulnerabilities found via Contrast can be displayed and remediated directly in the Eclipse IDE plugin. This includes changing the vulnerability status once the vulnerability is fixed. Detailed vulnerability information is displayed in the Contrast UI.

securecodewarriorlogo_white
Secure Code Warrior

The Contrast - Secure Code Warrior integration provides just-in-time “how-to-fix” help via micro-videos and interactive contextual courses that are specific to the code that is being fixed or the vulnerabilities found by the Contrast Application Security Platform

TICKETING

TRACK AND REMEDIATE VULNERABILITIES

Contrast’s integration ticketing systems centralizes vulnerabilities displaying an in-depth view of issue severity, prioritization and tracking remediation.

github
GITHUB

Contrast can automatically send issues to your GitHub repository. This automates and centralizes tracking of remediations.

azure
AZURE BOARDS

The Contrast Azure Boards integration automatically generates work items for bug tracking, synchronizing comments and push notifications for your applications. You can enable two-way integration to automatically update the vulnerability status in Contrast.

jira
JIRA

Integrating Jira with Contrast enables you to automatically generate tickets, synchronize responses and push notifications.

ca-azile
CA AGILE CENTRAL

With CA Agile Central and Contrast integration, teams can automatically create, track and remediate application vulnerabilities.

bugzila3
BUGZILLA

For teams using Mozilla’s Bugzilla, Contrast can integrate with Bugzilla to track application vulnerabilities.

serna
SERENA

The Serena Business Manager integration with Contrast enables teams to receive notifications from Contrast to track applications security vulnerabilities.

CHAT OPS

RECEIVE NOTIFICATIONS ABOUT APPLICATION SECURITY RISKS

Integrating chat tools with the Contrast Platform enables teams to receive notifications on application health, vulnerability resolution activities, and attack history to lend confidence and provide visibility into the security posture of organizations' application portfolios.

miscrosoft-team
MICROSOFT TEAMS

Chat tools spur conversations and easily allow for collaboration in instances when team members may be busy but questions arise. The integration of Contrast with Microsoft Teams centralizes communication for vulnerability remediation across distributed and remote teams.

slack
SLACK

Contrast’s integration with Slack enables teams to communicate throughout the software development lifecycle, from development to production. Teams can receive notifications from Contrast for events such as vulnerabilities and attacks for intra team communications.

CI/CD

Detect, Remediate and Validate

AppSec managers struggle to get business units and app teams to adopt the same criteria for failing build. By integrating Contrast into your CI/CD workflow, centralized build parameters and outcomes are created enabling teams to understand when builds are too vulnerable.

integrations-jenkins
JENKINS

Contrast’s integration with Jenkins allows teams to fail or mark builds unstable if the applications are too vulnerable. Contrast considers parameters such as numbers of vulnerabilities, severity, and rule types.

integrations-azure-pipeline-logo
AZURE DEVOPS PIPELINE

Contrast’s integration with Azure DevOps enables teams to fail or classify builds as unstable, preventing vulnerable applications from being released to production due to severity, number of vulnerabilities and rules.

integrations-cicrleci
CIRCLECI

The integration of Contrast and Circle CI allows teams to classify builds (fail/unstable) if the applications are vulnerable.

integrations-bamboo
BAMBOO

The Bamboo plugin enables you to fail builds for applications that are too vulnerable.

integrations-maven
MAVEN

The Maven plugin allows Contrast to discover vulnerabilities in your applications during integration or verification testing.

 

integrations-gradle
GRADLE

The Gradle plugin allows Contrast to discover vulnerabilities in your applications during integration or verification testing.

 

SIEM / INCIDENT MANAGEMENT

ATTACK OBSERVABILITY

Application security events and known vulnerabilities can be easily integrated into operations’ tools to centralize tracking, collection, analysis and notification of events.

Azure Sentinel Logo -Square
Azure Sentinel

Secure your apps on Azure by preventing attacks. Contrast Protect empowers teams to defend their applications anywhere they run, by embedding an automated and accurate runtime protection capability within the application to continuously monitor and block attacks.

integrations-splunk-logo
SPLUNK

Contrast integrates seamlessly with Splunk so application vulnerabilities and attacks can be collected and displayed directly in the Splunk dashboard for a centralized analysis and viewing of all incidents.

integrations-sumologic
SUMO LOGIC

Contrast communicates with Sumo Logic so application vulnerabilities and attacks can be seen directly in Sumo Logic dashboards for a centralized view of all incidents.

integrations-datadog
DATADOG

Contrast can easily send application security vulnerabilities directly to DataDog so they can be viewed or incorporated with all security events to get a complete picture of security posture.

integrations-pagerduty
PAGERDUTY

Contrast can be configured to send application security attack notifications to PagerDuty for immediate notification to on-call teams.

integrations-victorops
VICTOROPS

Contrast’s integration with VictorOps enables Contrast to send attack notification to VictorOps so teams can take necessary action against attacks.

SDKs / WEBHOOKs

BUILD CUSTOM SERVICES AND ALERT ON CRITICAL EVENTS

Contrast enables teams to easily integrate custom services and receive vulnerability alerts and attack notifications through SDKs and Webhooks.

integrations-javasdk
JAVA SDK

Contrast’s architecture easily enables teams to customize or create new capabilities for java applications for extending the Contrast Platform without needing to use Contrast’s APIs directly.

integrations-javascriptsdk
JAVASCRIPT SDK

Applications using JavaScript can extend the Contrast Platform through the use of the JavaScript SDK. Custom built services can receive notifications about new application vulnerabilities.

integrations-pythonsdk
PYTHON SDK

Companies may need to integrate Python applications with Contrast to track application security vulnerabilities. Contrast enables easy integration through Python SDKs.

integrations-netsdk
.NET SDK

NET Core SDK can integrate with the Contrast Platform enabling .Net applications to pull Contrast data without needing to use the API directly.

integrations-webhook
WEBHOOK

Contrast supports a generic webhook integration. This enables custom services to receive notifications on any URL that receives a POST message. Subscribe to any number of metadata fields for several event triggers.

integrations-contrastcli
CONTRAST CLI

The Contrast CLI enables you to identify vulnerable libraries, fail a build based on CVE severity and view a dependency tree to understand the dependencies between libraries and where vulnerabilities have been introduced.