
What is CodeSec by Contrast?
CodeSec brings Contrast's enterprise-level security to your development workflow for FREE!
CodeSec delivers:
- CodeSec – Scan: Optimize code security for Java, JavaScript and .NET with fast, industry-leading scans and actionable results.
- CodeSec – Serverless: Ground-breaking application security for AWS Lambda Functions (Java + Python)
- CodeSec – SCA: Coming this summer 2022
All these capabilities are available through a simple command line interface (CLI); CodeSec Scan is also available as a GitHub Action.
Step 1 – Install
Open a command prompt or terminal, then install with Homebrew or npm, or download a binary from Artifactory:
brew tap contrastsecurity/tap
brew install contrast
npm install -g @contrast/contrast
Note: CodeSec supports Node version 16.
Linux, macOS and Windows binaries are available from Artifactory. Select the latest build and your operating system.
Depending on your OS you may need to allow execute permissions on the downloaded file (chmod +x on Linux and macOS) before you can run it.
Step 2 – Authenticate
Authenticate using your existing GitHub or Google account:
contrast auth
Step 3 – Scan
Find your vulnerabilities
Navigate to your chosen directory.
Then run a SAST scan on your Java, JavaScript or .NET code with the following command:
contrast scan
Within minutes Contrast reports the vulnerabilities it found, with actionable remediation guidance.
Our GitHub Action is also available to automate Scan as part of your pipeline.
To scan AWS Lambda functions (Java and Python), use the lambda command:
contrast lambda
AWS Policy
Make sure the AWS identity you run the CLI as has the following permissions:
- Lambda: GetFunction, GetLayerVersion
- IAM: GetRolePolicy, GetPolicy, GetPolicyVersion, ListRolePolicies, ListAttachedRolePolicies
Here is an example AWS policy (replace YOUR_ACCOUNT with your 12-digit AWS account ID):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "iam:GetPolicyVersion",
        "iam:GetPolicy",
        "lambda:GetLayerVersion",
        "lambda:GetFunction",
        "iam:ListAttachedRolePolicies",
        "iam:ListRolePolicies",
        "iam:GetRolePolicy"
      ],
      "Resource": [
        "arn:aws:lambda:*:YOUR_ACCOUNT:layer:*:*",
        "arn:aws:lambda:*:YOUR_ACCOUNT:function:*",
        "arn:aws:iam::YOUR_ACCOUNT:role/*",
        "arn:aws:iam::YOUR_ACCOUNT:policy/*"
      ]
    }
  ]
}
Note that this policy scopes iam:GetPolicy and iam:GetPolicyVersion to customer managed policies in your own account. AWS managed policies (for example the ones commonly attached to a Lambda execution role) have ARNs of the form arn:aws:iam::aws:policy/..., so if the function's execution role has any attached, add that ARN pattern to Resource or those two calls will be denied for them. The same applies to layers owned by another account, since a layer version ARN carries the owning account ID.
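Added example, not part of the CodeSec documentation or the Contrast CLI: a small Python evaluator for Allow-only IAM identity policies, used to check that the policy above grants every call contrast lambda makes on the resources it will read for one function. The account ID, region, function, role, layer and policy names are constructed placeholders, and is_allowed, missing_grants and allow_aws_managed_policies are the example's own helpers, not CLI features.

```python
"""Check that the CodeSec example IAM policy covers the calls a Lambda scan makes.

Added example (not from the CodeSec docs or the Contrast CLI). It models only
Allow statements with wildcard Action/Resource matching; Deny statements and
Conditions are not handled, so use it on simple policies like the one above.
All identifiers below are constructed placeholders.
"""
import copy
import json
import re

ACCOUNT = "123456789012"   # constructed stand-in for YOUR_ACCOUNT
REGION = "eu-central-1"

# The policy from the docs, with YOUR_ACCOUNT filled in.
CODESEC_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": [
      "iam:GetPolicyVersion", "iam:GetPolicy",
      "lambda:GetLayerVersion", "lambda:GetFunction",
      "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:GetRolePolicy"
    ],
    "Resource": [
      "arn:aws:lambda:*:YOUR_ACCOUNT:layer:*:*",
      "arn:aws:lambda:*:YOUR_ACCOUNT:function:*",
      "arn:aws:iam::YOUR_ACCOUNT:role/*",
      "arn:aws:iam::YOUR_ACCOUNT:policy/*"
    ]
  }]
}
""".replace("YOUR_ACCOUNT", ACCOUNT))


def _iam_match(pattern: str, value: str, ignore_case: bool) -> bool:
    """IAM wildcard semantics: '*' matches any run of characters (including ':'
    and '/'), '?' matches exactly one character, everything else is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """True if some Allow statement matches both the action and the resource.
    Action names compare case-insensitively, ARNs case-sensitively."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if (any(_iam_match(a, action, True) for a in _as_list(stmt["Action"]))
                and any(_iam_match(r, resource, False) for r in _as_list(stmt["Resource"]))):
            return True
    return False


def missing_grants(policy, account, function_name, role_name, attached_policy_arns):
    """(action, resource) pairs a scan of one function needs that the policy
    does not allow. attached_policy_arns are the managed policies on the
    function's execution role, i.e. what ListAttachedRolePolicies would return."""
    role_arn = f"arn:aws:iam::{account}:role/{role_name}"
    checks = [
        ("lambda:GetFunction", f"arn:aws:lambda:{REGION}:{account}:function:{function_name}"),
        ("lambda:GetLayerVersion", f"arn:aws:lambda:{REGION}:{account}:layer:shared-libs:3"),
        ("iam:ListRolePolicies", role_arn),
        ("iam:GetRolePolicy", role_arn),
        ("iam:ListAttachedRolePolicies", role_arn),
    ]
    for arn in attached_policy_arns:
        checks += [("iam:GetPolicy", arn), ("iam:GetPolicyVersion", arn)]
    return [(a, r) for a, r in checks if not is_allowed(policy, a, r)]


def allow_aws_managed_policies(policy: dict) -> dict:
    """Copy of the policy that also covers AWS managed policies, whose ARNs use
    the pseudo-account 'aws' instead of your account ID."""
    widened = copy.deepcopy(policy)
    widened["Statement"][0]["Resource"].append("arn:aws:iam::aws:policy/*")
    return widened


if __name__ == "__main__":
    own = f"arn:aws:iam::{ACCOUNT}:policy/orders-api-policy"
    managed = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
    args = (ACCOUNT, "orders-api", "orders-api-role")
    print("own policy only:   ", missing_grants(CODESEC_POLICY, *args, [own]))
    print("with AWS managed:  ", missing_grants(CODESEC_POLICY, *args, [own, managed]))
    print("widened policy:    ", missing_grants(allow_aws_managed_policies(CODESEC_POLICY), *args, [own, managed]))
```

Run as a script, the first check comes back empty, the second lists iam:GetPolicy and iam:GetPolicyVersion on the AWS managed policy because the YOUR_ACCOUNT-scoped Resource entries never match arn:aws:iam::aws:policy/..., and the third shows the widened policy covering it. For policies with Deny statements or Conditions, use the IAM policy simulator instead of this evaluator.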
AWS Credentials
The Contrast CLI can find your AWS credentials in one of the following ways:
- Configured in your user profile (usually ~/.aws/credentials)
- Using the --profile flag (contrast lambda --profile myProfile)
- Using the AWS_DEFAULT_REGION, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables
For more information on how to use the lambda command, run contrast help.
Examples:
contrast lambda --function-name myFunctionName
contrast lambda -f myFunctionName --region eu-central-1
contrast lambda -f myFunctionName --region eu-central-1 --profile myDevProfile
contrast lambda -f myFunctionName -v -j -r eu-central-1 -p myDevProfile
contrast lambda --function-name myFunctionName --verbose --json-output --region eu-central-1 --profile myDevProfile