What is CodeSec by Contrast?

CodeSec brings Contrast's enterprise-level security to your development workflow for FREE!
CodeSec delivers:

  • CodeSec – Scan: Optimize code security for Java, JavaScript and .NET with fast, industry-leading scans and actionable results.
  • CodeSec – Serverless: Ground-breaking application security for AWS Lambda Functions (Java + Python).
  • CodeSec – SCA: Coming this summer 2022.

All these capabilities are available through a simple command-line interface (CLI). CodeSec Scan is also available as a GitHub Action.

Step 1 – Install

Open a command prompt or terminal, then install with NPM or Homebrew, or by downloading binaries from Artifactory. With Homebrew:

brew tap contrastsecurity/tap
brew install contrast

Step 2 – Authenticate

Authenticate using your existing GitHub or Google account.

contrast auth

Step 3 – Scan

Find your vulnerabilities

Navigate to your chosen directory, then run a SAST scan on your Java, JavaScript or .NET code with the following command:

contrast scan

In minutes, Contrast will report all vulnerabilities found with actionable remediation.

Our GitHub Action is also available to automate Scan as part of your pipeline.