
Getting started with CodeSec
Bringing Contrast’s enterprise-level security to your development workflow for FREE (forever)
Step 1 – Install
Open a command prompt or terminal, then install with Homebrew, npm, or by downloading binaries from Artifactory:
Homebrew:
brew tap contrastsecurity/tap
brew install contrast
npm:
npm install -g @contrast/contrast
Note: CodeSec supports Node.js version 16.
Linux, macOS and Windows binaries are available from Artifactory.
Select the latest build and your operating system.
Depending on your operating system you may need to grant the downloaded file execute permission (for example with chmod +x on Linux and macOS) before you can run it.
Step 2 – Authenticate
Authenticate using your existing GitHub or Google account.
contrast auth
Step 3 – Run
Find your vulnerabilities
Navigate to your chosen directory.
Then run an SCA audit with the following command.
contrast audit
In minutes CodeSec by Contrast will report the known vulnerabilities in your third-party libraries, with actionable remediation.
Supported languages:
Navigate to your chosen directory.
Then run a SAST scan on your Java, JavaScript or .NET code with the following command.
contrast scan
In minutes CodeSec by Contrast will report the vulnerabilities it finds, with actionable remediation.
A GitHub Action is also available to run Scan automatically as part of your pipeline.
Supported languages:
Scan an AWS Lambda function, identified by its name with --function-name, using the following command.
contrast lambda --function-name
Supported languages:

AWS Policy
Make sure the AWS identity you run the scan as has the following permissions:
- Lambda: GetFunction, GetLayerVersion, ListFunctions
- IAM: GetRolePolicy, GetPolicy, GetPolicyVersion, ListRolePolicies, ListAttachedRolePolicies
All of these are read-only Get/List actions; the scan needs no write access to Lambda or IAM. Here is an example AWS policy (replace YOUR_ACCOUNT with your 12-digit AWS account ID):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:GetPolicyVersion",
                "iam:GetPolicy",
                "lambda:GetLayerVersion",
                "lambda:GetFunction",
                "lambda:ListFunctions",
                "iam:ListAttachedRolePolicies",
                "iam:ListRolePolicies",
                "iam:GetRolePolicy"
            ],
            "Resource": [
                "arn:aws:lambda:*:YOUR_ACCOUNT:layer:*:*",
                "arn:aws:lambda:*:YOUR_ACCOUNT:function:*",
                "arn:aws:iam::YOUR_ACCOUNT:role/*",
                "arn:aws:iam::YOUR_ACCOUNT:policy/*"
            ]
        }
    ]
}
Two things to check before relying on this policy as written:
- lambda:ListFunctions does not support resource-level permissions, so the function and layer ARNs above do not grant it. If the scan needs it, allow it in a separate statement with "Resource": "*".
- AWS managed policies attached to the function's execution role have ARNs in the aws pseudo-account (arn:aws:iam::aws:policy/...), which arn:aws:iam::YOUR_ACCOUNT:policy/* does not match. Add arn:aws:iam::aws:policy/* to the Resource list if the scan needs to read them.
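The following Python script is an added example for this page and is not part of Contrast's CodeSec tooling. It builds the read-only policy above for a real account ID, optionally narrowed to named functions, and includes a small Allow-only policy evaluator (no Deny statements, no Conditions, no policy variables) so you can check offline that the actions the scan performs are covered before running contrast lambda. The account ID 123456789012, the role name and the AWS managed policy ARN used in the checks are constructed sample values; the ListFunctions and aws-managed-policy handling reflect IAM's resource-matching rules, not a documented requirement of the tool.

```python
"""Pre-flight check for the read-only IAM policy that `contrast lambda` needs.

Added example for this page; it is not part of Contrast's CodeSec tooling.
build_policy() emits the page's policy for a real 12-digit account ID, optionally
narrowed to named functions, and policy_allows() is an Allow-only evaluator (no
Deny, no Condition, no policy variables) for checking offline that the actions
the scan performs are covered. Account IDs, function and role names used here
are constructed sample values.
"""
import json
import re

# Actions the page lists. lambda:ListFunctions does not support resource-level
# permissions in IAM, so it needs its own statement with Resource "*".
SCOPED_ACTIONS = [
    "lambda:GetFunction", "lambda:GetLayerVersion",
    "iam:GetRolePolicy", "iam:GetPolicy", "iam:GetPolicyVersion",
    "iam:ListRolePolicies", "iam:ListAttachedRolePolicies",
]
UNSCOPED_ACTIONS = ["lambda:ListFunctions"]
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# An AWS managed policy ARN: note the "aws" pseudo-account where your ID would be.
AWS_MANAGED_EXAMPLE = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"


def build_policy(account_id, function_names=None, include_aws_managed=True):
    """Return the policy as a dict. function_names=None keeps the page's function:*
    scope; include_aws_managed adds arn:aws:iam::aws:policy/* so AWS managed
    policies attached to the execution role can be read (assumption: you want them)."""
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError("account_id must be a 12-digit AWS account ID")
    names = function_names or ["*"]
    resources = [f"arn:aws:lambda:*:{account_id}:layer:*:*"]
    resources += [f"arn:aws:lambda:*:{account_id}:function:{n}" for n in names]
    resources += [f"arn:aws:iam::{account_id}:role/*", f"arn:aws:iam::{account_id}:policy/*"]
    if include_aws_managed:
        resources.append("arn:aws:iam::aws:policy/*")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ContrastLambdaRead", "Effect": "Allow",
             "Action": SCOPED_ACTIONS, "Resource": resources},
            {"Sid": "ContrastLambdaList", "Effect": "Allow",
             "Action": UNSCOPED_ACTIONS, "Resource": "*"},
        ],
    }


def page_policy(account_id):
    """The single-statement policy exactly as the page prints it, with YOUR_ACCOUNT filled in."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "VisualEditor0", "Effect": "Allow",
            "Action": ["iam:GetPolicyVersion", "iam:GetPolicy", "lambda:GetLayerVersion",
                       "lambda:GetFunction", "lambda:ListFunctions",
                       "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:GetRolePolicy"],
            "Resource": [f"arn:aws:lambda:*:{account_id}:layer:*:*",
                         f"arn:aws:lambda:*:{account_id}:function:*",
                         f"arn:aws:iam::{account_id}:role/*",
                         f"arn:aws:iam::{account_id}:policy/*"],
        }],
    }


def _glob_match(pattern, value):
    """IAM wildcard semantics: '*' matches any run of characters (including ':' and '/'),
    '?' matches exactly one character, everything else is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def policy_allows(policy, action, resource_arn):
    """True if any Allow statement matches both the action (case-insensitive) and the
    resource. For actions without resource-level permissions pass resource_arn="*"."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if any(_glob_match(a.lower(), action.lower()) for a in _as_list(stmt["Action"])) and \
           any(_glob_match(r, resource_arn) for r in _as_list(stmt["Resource"])):
            return True
    return False


def missing_permissions(policy, account_id, region, function_name, role_name):
    """(action, resource) pairs the scan touches that the policy does not allow."""
    fn = f"arn:aws:lambda:{region}:{account_id}:function:{function_name}"
    role = f"arn:aws:iam::{account_id}:role/{role_name}"
    checks = [
        ("lambda:GetFunction", fn),
        ("lambda:ListFunctions", "*"),
        ("iam:ListAttachedRolePolicies", role),
        ("iam:ListRolePolicies", role),
        ("iam:GetRolePolicy", role),
        ("iam:GetPolicy", AWS_MANAGED_EXAMPLE),
        ("iam:GetPolicyVersion", AWS_MANAGED_EXAMPLE),
    ]
    return [(a, r) for a, r in checks if not policy_allows(policy, a, r)]


if __name__ == "__main__":
    acct = "123456789012"  # constructed sample account ID
    print(json.dumps(build_policy(acct, ["myFunctionName"]), indent=2))
    print("gaps in the page's policy:",
          missing_permissions(page_policy(acct), acct, "eu-central-1", "myFunctionName", "my-role"))
```

Running the script prints a policy scoped to myFunctionName and lists the three checks the page's policy fails as written: lambda:ListFunctions (no resource-level permissions) and iam:GetPolicy / iam:GetPolicyVersion on an AWS managed policy. Narrowing function_names is the least-privilege choice when you scan a known set of functions; leave it as None only if the identity is meant to scan any function in the account.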
AWS Credentials
CodeSec by Contrast can find your AWS credentials in one of the following ways:
- Configured in your user profile (usually ~/.aws/credentials)
- Using the --profile flag (contrast lambda --profile myProfile)
- Using the AWS_DEFAULT_REGION, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables
Whichever method you use, point it at an identity that carries only the read-only policy above rather than your administrative credentials.
Run contrast lambda --help for more information on how to use the lambda command.
Examples:
contrast lambda --function-name myFunctionName
contrast lambda -f myFunctionName --region eu-central-1
contrast lambda -f myFunctionName --region eu-central-1 --profile myDevProfile
contrast lambda -f myFunctionName -v -j -r eu-central-1 -p myDevProfile
contrast lambda --function-name myFunctionName --verbose --json-output --region eu-central-1 --profile myDevProfile
The last two commands are equivalent: -f, -v, -j, -r and -p are the short forms of --function-name, --verbose, --json-output, --region and --profile.