Skip to content

Secure serverless code for free with CodeSec - Now available in AWS Marketplace

Secure serverless code for free with CodeSec - Now available in AWS Marketplace

As of August 12, 2022, Contrast Security's new, free developer security tool,  CodeSec, will be available in AWS Marketplace! CodeSec brings the fastest and most accurate scanner on the market right to developers at no cost. Providing actionable remediation guidance, CodeSec by Contrast enables developers to get up and running in less than five minutes. 

Thanks to CodeSec’s groundbreaking serverless feature, developers scan serverless environments in AWS Lambda Functions (Java and Python) and detect cloud-native vulnerabilities quickly and accurately with actionable remediation guidance at no cost. Take advantage of this new free developer security tool, now available in AWS Marketplace!


Get Started With CodeSec - Serverless

CodeSec enables developers to secure both traditional and serverless environments by offering these two tools through a simple command-line interface (CLI) to get started:


  1. Open a command-prompt or terminal, then install with NPM or Homebrew.
  2. If already installed, then choose from the following commands:

    Note: CodeSec supports Node versions >=16.13.2 <17

    1. npm install -g @contrast/contrast

    2. brew tap contrastsecurity/tap
      brew install contrast


  1. Once Contrast is installed on your terminal, it’s time to authenticate with your GitHub or Google account by entering the following command:
    1. contrast auth
  2. Once this command is entered, a new tab in your browser will open, asking you to connect with either your GitHub or Google Account.
  3. Once connected, your terminal will update and you are now ready to start scanning!


Once installed on your terminal, Type "contrast help" to see CodeSec's capabilities:


  1. CodeSec Serverless - CodeSec supports scanning for Java and Python in  lambda functions. To run a lambda scan, ensure AWS credentials (AWS_DEFAULT_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) are configured in your local environment. Then you are ready to use the contrast lambda command to scan your AWS Lambda functions.

    Once a scan is complete.
    Results are categorized by vulnerability type with actionable guidance to help developers understand what the vulnerability is and how to fix it.

Click here to check us out on AWS Marketplace! 

To learn more about CodeSec and all its capabilities, click here.



Orlando Villanueva

Orlando Villanueva

Sr.Product Marketing Manager, CodeSec, Contrast Security