Contrast OSS

Automated Open Source Security Software and Compliance

The DevOps solution to managing open source software risk from development to production

Contrast Security Review: CSO Magazine – "One of the most elegant solutions out there for application security."

Empower development teams to use open source securely and stay ahead of risk to ensure your organization is protected

Contrast OSS delivers automated open source risk management by embedding security and compliance checks in applications throughout the development process while performing continuous monitoring in production. Contrast is the only solution that can identify vulnerable components, determine if they are actually used by the application and prevent exploitation at runtime.
End-to-End Automation

A Fully Automated Solution That Works With Your Existing Workflows

Contrast automatically discovers open source dependencies in your applications, provides critical versioning and usage information, and triggers alerts when risks and policy violations are detected anywhere across the SDLC. Then in production, Contrast automatically monitors, blocks and alerts on attacks targeting open source used in your applications. All of this information is streamed to security and development teams in real-time through the tools they already use, enabling short feedback loops and quick action.

Runtime Assessment and Protection

Not Your Traditional Software Composition Analysis

Catch issues early, remediate faster and block attacks. Unlike traditional SCA tools, Contrast performs runtime analysis to accurately identify whether components are actually used by the application. This intelligence enables you to prioritize and focus remediation efforts on the vulnerabilities that really matter.

Beyond automatically detecting risk, Contrast provides runtime protection so attacks on vulnerable open source are automatically monitored and blocked to prevent exploitation in production.

Continuous Visibility Across the Organization

Always-On Monitoring from Development to Production

Contrast OSS monitors your entire application portfolio, continuously, building and maintaining a complete, up-to-date, software-risk-focused inventory of all your applications and open source. Vulnerabilities and risk intelligence are automatically mapped to applications, servers and environments, so you always know what runs where, and what needs to be secured across the organization.

Self-Updated Intelligence

Self-Updating Software Risk Intelligence

With Contrast, new intelligence and policies are automatically applied via continuous assessment executed in the background of regular functional testing. This eliminates the need for disruptive scans, and re-scans, of code repositories. Early detection of vulnerabilities and licensing risk in the developer environment, continuous verification across your CI/CD pipelines and monitoring in production ensure your organization is always protected.

Single Deployment; Zero Extra Work

A Single Solution for Your Open Source and Custom Code

Contrast OSS is the only solution that identifies vulnerabilities in open source dependencies and your custom code in a single assessment process. No need to implement multiple tools, orchestrate between different analysis engines, and correlate vulnerabilities. You deploy Contrast once and have immediate visibility into your entire software risk posture.



Discover how Contrast OSS works by deploying an intelligent agent that instruments the application with smart sensors to analyze code in real-time from within the application. In this paper, learn how instrumentation works to find vulnerabilities and insecure libraries, and how it compares to other security testing methodologies.

What You Get with Contrast Security

Contrast Security is the most accurate, fastest and most scalable application security solution in the market.



Unlike legacy application security testing solutions, Contrast produces accurate results without dependence on application security experts. Accuracy comes from Contrast's patented Deep Security Instrumentation technology, which integrates the most effective elements of Interactive (IAST), Static (SAST), and Dynamic (DAST) application security testing technology, software composition analysis (SCA), and configuration analysis, and delivers them directly to applications.


Contrast produces a continuous stream of accurate vulnerability and compliance risk information whenever and wherever software is run. Development, QA and Security teams get results as they develop and test software, enabling them to find and fix security flaws early in the software lifecycle, when they are easiest and cheapest to remediate.


Contrast integrates seamlessly into the software lifecycle and the toolsets that development and operations teams are already using. This includes native integration with IDE, ChatOps, ticketing systems and CI/CD tools, as well as a RESTful API. This seamless integration makes Contrast a perfect fit with modern software development techniques, including Agile, DevOps, and modern software architecture and deployment models, including containers, microservices, APIs, cloud-native, etc.


Contrast scales because it instruments application security into each application, delivering security and compliance assessment across an entire application portfolio. Every running application continuously produces results in parallel. This model is very different from legacy approaches which require application security experts – a human element that adds an extra step and does not scale.

Modern Security Model for Modern Software

Be agile, confidently releasing software as fast as you want, knowing it is secure. Get accurate results, produced continuously, delivered through the channel of your choice -- ChatOps, ticketing systems, email, IDEs, etc.

Focus on providing governance and oversight because Contrast Assess is accurate, continuous and automated. It works perfectly with microservices, APIs, containers and software built to run in the cloud. No more time-wasting tweaks to inaccurate security products!

Build application security into your CI/CD environment with a broad range of native integrations and a RESTful API. Contrast Assess is the only application security tool built from the ground up for Agile and DevOps.

Assessing applications is complex, but Contrast Security makes it easy.

See what the new era of self-protecting software looks like. Contact us to schedule your live demo.