APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.

Contrast releases new open source integrations to transform DevOps into DevSecOps

Contrast is tailor-made for powering appsec in devops organizations. It's instant, accurate, powerful, and scalable. It installs and runs exactly like New Relic or AppDynamics, but for security, not performance. If you've licensed Contrast and want to integrate it into your development process, you can use these free and open source plugins.

The Contrast Maven Plugin makes it simple to use Contrast in development and continuous integration environments. The plugin ensures the latest Contrast Agent is a part of your project and automatically enables security analysis while test cases and Selenium scripts are executed. No other configuring, tailoring, or tuning is required, so you effectively get double-duty out of your normal QA automation.

You can manage the use of Contrast in your build process with the Contrast Jenkins Plugin. This plugin coordinates with the Contrast TeamServer and can fail a build that has excessive vulnerabilities. The threshold is configurable based on the type and number of vulnerabilities discovered. Support for Gradle is imminent.

Contrast is effectively a big-data approach to application security. The Contrast TeamServer has real-time application security data across the entire portfolio of applications, including inventory, vulnerabilities, libraries, servers, and attacks.

If you want to pull this wealth of security data into your own tools and dashboards, Contrast offers a full REST API. There are extensive API docs available at https://api.contrastsecurity.com. Alternatively, you can use the Contrast SDK to build your own tools to pull the data from the TeamServer. Everything available in the Contrast TeamServer can be accessed via this API and SDK.

Also, for those of you into ChatOps, Contrast has built-in notifications. You can get your alerts via email, in-app alerts, and, coming very soon, webhooks for integrating with just about everything. I'll write about that soon.

For a simple approach to achieving application security without interrupting modern software development, check out the Continuous Application Security Handbook free download.

 

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.