Contrast Scan

Code scanning purpose-built for modern pipelines with industry-leading speed and accuracy

Contrast Scan is a code scanning tool built from the ground up to make security testing as routine as a code commit while focusing on the most imperative vulnerabilities to deliver fast, accurate and actionable results. 

Purpose-Built for Native Developer Pipelines

Built from the ground up to run in any modern pipeline. Scans can be initiated through a command-line (CLI) option, through build automation (e.g., Maven, Gradle, GitHub Action), through a simple API call, or through a secure code upload.

Lightning Speed Without Sacrificing Accuracy

Expedited time to value for security and development teams when accounting for setup, scan, and triage time. Speed without compromising accuracy allows scans to actually be run and results to be actioned without breaking the CI/CD pipeline.

Focus on What Gets You Hacked

With an exploitability-focused detection algorithm, achieve the most accurate static analysis solution based on OWASP Benchmark scores. This allows organizations to focus limited staff resources on the critical vulnerabilities that matter.

Static Application Security Testing (SAST) is the most common tool used in Development to secure Cloud-Native Applications, according to Survey Analysis: Enabling Cloud-Native DevSecOps by Gartner™

Gartner, Survey Analysis: Enabling Cloud-Native DevSecOps

Dionisio Zumerle, 13 September 2021

Gartner is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved

Contrast Scan for Log4j

Contrast Scan can not only scan your code for log injections associated with Log4j exploits, it can also find the specific vulnerable class in Log4j 1.x versions.

See Contrast Scan in Action

Watch this demo where a product expert showcases key Scan features and answers questions live from the audience.

Risk-Based Analysis Engine

Deliver focused results and expedite time-to-results

A breakthrough code scanning algorithm powers the static analysis engine in Contrast Scan, enabling teams to pinpoint exploitable vulnerabilities while ignoring those that pose no risk and only cause hours of needless triage. As a result, based on real-world scan results, Contrast Scan can shrink the amount of time to run scans by up to 10x.

Precision Remediation Guidance

Identify & fix faster with actionable vulnerability data

Contrast Scan delivers unparalleled speed and accuracy that results in dramatically faster scan times and the ability to focus on the most critical attack vectors. It also plugs into pull request workflows, CI builds, and scheduled cadences, and integrates code-level, "how-to-fix" guidance that does not require security expertise.

Native Integration

Treat security vulnerabilities as code quality defects

Plug-ins for native IDE, build, and bug tracking tools bring security results into the same workstream as any other quality bug. In addition, Contrast CI/CD integrations can enforce a security quality threshold and ensure that vulnerable or noncompliant builds are failed and not promoted to production.

Resources to help you get secure code moving

Contrast Scan Is Faster, More Accurate, and More Efficient

Read this white paper to learn how Contrast Scan uses pipeline-native static analysis to transform legacy SAST with faster speed and dramatically better accuracy.

Pipeline-Native Static Analysis: Why It Is the Future of SAST

Read this white paper to learn the benefits of a pipeline-native static analysis approach and what it entails.

Contrast Scan: Modern Application Security Scanning

Traditional static application security scanning tools were not designed to be built into a development pipeline, nor to support the spread of today’s distributed applications.

Experience Contrast SCA

Schedule a one-to-one demo to see how you can make code analysis more efficient by integrating into developers’ native pipelines. 

Discover other products on the Contrast Secure Code Platform

Contrast Assess

Secure every line of code with breakthrough IAST technology

Contrast Protect

Detect and block run-time attacks on known and unknown code vulnerabilities with greater precision

Contrast SCA

Test and protect third party, open-source code moving through your software supply chain

Contrast Serverless

Find & fix security issues across serverless environments in just three clicks