Secure one application in development and production for free.
What is Contrast Community Edition?
Contrast Community Edition is the free-forever, modern software security platform that enables developers to self-serve on security. Contrast Community Edition provides the complete functionality of our paid platform solutions, Contrast Assess, Contrast OSS, and Contrast Protect. Its main limitations compared with the paid platform are language support (Java, .NET Core) and that only one (1) application can be onboarded.
Your Community Edition
Scroll through the step-by-step experience of onboarding an application into Contrast Community Edition to see just how easy it is to experience a faster, more effective approach to securing the software you create.
Step 1: Install
Install the Contrast agent onto your application server. Our instrumentation sensors are compatible with a number of application languages, runtime platforms, and deployment methods.
Step 2: Activate an Application
Trigger your data flow through your running application. Transform your functional test suite (unit, integration, etc.) into a security test suite by simply executing your existing CI/CD pipeline.
Step 3: Notification
Instantly learn about vulnerabilities in your application. Become aware of vulnerabilities the moment they are discovered without getting bombarded with the noise and alerts of false positives.
Step 4: Remediation
Receive guidance in your development environment to remediate those vulnerabilities. Consume clear, concise, and actionable remediation advice in your IDE. Vulnerabilities are also communicated linter-style and appended to the list of compile-time errors.
Step 5: Verification
Rerun automated functional tests to verify remediation. Contrast will automatically verify that the vulnerability no longer exists on the route via RouteIntelligence™ and automatically close Jira tickets to make sure that your focused remediation effort is accounted for in sprint reports.
Step 6: Protection
Automatically notify on or block attacks in real time for vulnerabilities in production code. Defer vulnerability remediation to a future sprint so that feature velocity is not compromised. Let on-call and operations teams monitor and handle attacks that your WAF cannot detect.