SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management


Contrast releases new open source integrations to transform DevOps into DevSecOps

Contrast is tailor-made for powering AppSec in DevOps organizations. It's instant, accurate, powerful, and scalable. It installs and runs exactly like New Relic or AppDynamics, but for security, not performance. If you've licensed Contrast and want to integrate it into your development process, you can use these free and open source plugins.

The Contrast Maven Plugin makes it simple to use Contrast in development and continuous integration environments. The plugin ensures the latest Contrast Agent is a part of your project and automatically enables security analysis while test cases and Selenium scripts are executed. No other configuring, tailoring, or tuning is required, so you effectively get double-duty out of your normal QA automation.

You can manage the use of Contrast in your build process with the Contrast Jenkins Plugin. This plugin coordinates with the Contrast TeamServer and can fail a build that has excessive vulnerabilities. The threshold is configurable based on the type and number of vulnerabilities discovered. Support for Gradle is imminent.


Contrast is effectively a big-data approach to application security. The Contrast TeamServer has real-time application security data across the entire portfolio of applications, including inventory, vulnerabilities, libraries, servers, and attacks.

If you want to pull this wealth of security data into your own tools and dashboards, Contrast offers a full REST API. There are extensive API docs available at https://api.contrastsecurity.com. Or you can use the Contrast SDK to build your own tools to pull the data from the TeamServer. Everything available in the Contrast TeamServer can be accessed via this API and SDK.

Also, for those of you into ChatOps, Contrast has built-in notifications. You can get your alerts via email, in-app alerts, and coming very soon... webhooks for integrating with just about everything. I'll write about that soon.

For a simple approach to achieving application security without interrupting modern software development, check out the Continuous Application Security Handbook free download.

 

Jeff Williams, Co-Founder, Chief Technology Officer


Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.
