Contrast Scan

PIPELINE-NATIVE STATIC CODE ANALYSIS

Why Contrast Scan

pipeline-native static code analysis
Purpose-built to run in any pipeline

Built from the ground up to run in any modern CI/CD pipeline. Scans can be started from the command-line interface (CLI), from build automation (e.g., Maven, Gradle, a GitHub Action), through an API call, or through a secure upload of the code to be scanned.

Fast enough to run on every commit

Provides a step-function improvement in setup, scan, and triage time. Speed without loss of accuracy means scans are actually run on every build and results are acted on without stalling the CI/CD pipeline.

Focused on what gets you hacked

Delivers focused, accurate results from a risk-based ruleset combined with an exploitability-focused detection algorithm, so limited security staff can concentrate on the critical vulnerabilities that matter.

Key Features

DEMAND-DRIVEN, RISK-BASED ANALYSIS
TO DELIVER FOCUSED RESULTS

A demand-driven algorithm powers the static analysis engine in Contrast Scan, letting teams pinpoint exploitable vulnerabilities while ignoring those that pose no risk. Based on real-world scan results, Contrast Scan can cut scan time by up to 10x.

PRECISION REMEDIATION GUIDANCE
IDENTIFY & FIX FASTER WITH ACTIONABLE VULNERABILITY DATA

Contrast Scan delivers the speed and accuracy needed for dramatically faster scan times and for concentrating on the most critical attack vectors. It plugs into pull-request workflows, CI builds, and scheduled scans, and ships with code-level, "how-to-fix" guidance that does not require security expertise.

NATIVE INTEGRATIONS
TREAT SECURITY VULNERABILITIES AS DEFECTS

Plug-ins for IDEs, build tools, and bug trackers bring security results into the same workstream as any other quality bug. Contrast CI/CD integrations can also enforce a security quality threshold so that vulnerable or noncompliant builds fail and are never promoted to production.
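As an added illustration of what such a build-breaking threshold looks like in practice, the script below is a hypothetical CI quality gate written for this page; it is not Contrast's own integration code. It assumes the scanner exports its findings as a SARIF 2.1.0 report (the common interchange format for static-analysis results), reads each rule's security-severity property (a CVSS-style 0 to 10 score) with a fallback to the SARIF result level, skips findings the tool has marked as suppressed, and exits non-zero when anything at or above the threshold remains. The embedded report is constructed sample data, not output from a real scan.

```python
"""Fail a CI build when static-analysis findings cross a severity threshold.

Hypothetical quality gate written for illustration (not Contrast's own code).
Assumes the scanner emits SARIF 2.1.0. Severity comes from the rule's
"security-severity" property (CVSS-style 0-10); findings whose rule lacks
that property fall back to a score derived from the SARIF result level.
"""
import json
import sys

# Fallback scores for SARIF result levels when a rule has no security-severity.
LEVEL_SCORE = {"error": 7.0, "warning": 4.0, "note": 1.0, "none": 0.0}


def finding_severity(result, rules_by_id):
    """Numeric severity for one SARIF result."""
    rule = rules_by_id.get(result.get("ruleId"), {})
    props = rule.get("properties", {})
    if "security-severity" in props:
        return float(props["security-severity"])
    return LEVEL_SCORE.get(result.get("level", "warning"), 4.0)


def findings_at_or_above(sarif, threshold):
    """Return (severity, ruleId, file, line) for every unsuppressed finding
    at or above the threshold, highest severity first."""
    blocking = []
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        rules_by_id = {r["id"]: r for r in rules if "id" in r}
        for result in run.get("results", []):
            if result.get("suppressions"):  # reviewed and suppressed in the tool
                continue
            sev = finding_severity(result, rules_by_id)
            if sev >= threshold:
                loc = result.get("locations", [{}])[0].get("physicalLocation", {})
                uri = loc.get("artifactLocation", {}).get("uri", "?")
                line = loc.get("region", {}).get("startLine", 0)
                blocking.append((sev, result.get("ruleId"), uri, line))
    return sorted(blocking, reverse=True)


def gate(sarif, threshold=7.0):
    """Return (passed, blocking_findings); passed is True when nothing blocks."""
    blocking = findings_at_or_above(sarif, threshold)
    return (not blocking, blocking)


# Constructed sample report for offline use; not output from any real scan.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "rules": [
            {"id": "sql-injection", "properties": {"security-severity": "9.8"}},
            {"id": "weak-hash", "properties": {"security-severity": "5.3"}},
            {"id": "unused-import"}]}},
        "results": [
            {"ruleId": "sql-injection", "level": "error",
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "weak-hash", "level": "warning",
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/auth.py"},
                                                 "region": {"startLine": 17}}}]},
            {"ruleId": "unused-import", "level": "note",
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/util.py"},
                                                 "region": {"startLine": 1}}}]},
            # Same rule, but already suppressed in-source: must not block the build.
            {"ruleId": "sql-injection", "level": "error",
             "suppressions": [{"kind": "inSource"}],
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/legacy.py"},
                                                 "region": {"startLine": 5}}}]},
        ]}]
}


def main(argv):
    """Usage: gate.py [report.sarif] [threshold]; defaults to the sample and 7.0."""
    path = argv[1] if len(argv) > 1 else None
    threshold = float(argv[2]) if len(argv) > 2 else 7.0
    if path:
        with open(path) as fh:
            sarif = json.load(fh)
    else:
        sarif = SAMPLE_SARIF
    passed, blocking = gate(sarif, threshold)
    for sev, rule, uri, line in blocking:
        print(f"BLOCKING {sev:>4}  {rule:<20} {uri}:{line}")
    print("gate", "PASSED" if passed else "FAILED")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with the default threshold of 7.0 only the unsuppressed SQL injection blocks, so the process exits 1 and a CI step wired to it fails the build; at 5.0 the weak-hash finding joins it, and at 10.0 the gate passes. The severity threshold, the fallback mapping, and the decision to honor tool-side suppressions are policy choices to agree with the security team before the gate is made blocking.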

Resources

White Paper: Contrast Scan Is Faster, More Accurate, and More Efficient

Read this white paper to learn how Contrast Scan uses pipeline-native static analysis to transform legacy SAST with faster speed and dramatically better accuracy.

eBook: Pipeline-Native Static Analysis: Why It Is the Future of SAST

Read this eBook to learn the benefits of a pipeline-native static analysis approach and what it entails.

Solution Brief: Contrast Scan: Modern Application Security Scanning

Traditional static application security scanning tools were not designed to be built into a development pipeline, nor to support the spread of today’s distributed applications.


ASSESSING APPLICATIONS IS COMPLEX,
BUT
CONTRAST SECURITY MAKES IT EASY.

SEE HOW PIPELINE-NATIVE STATIC ANALYSIS CAN IMPACT
YOUR DEVSECOPS PROGRAM.