
CodeSec by Contrast Security

CodeSec delivers:

  • The fastest and most accurate SAST scanner.
  • Immediate and actionable results — scan code and serverless environments.
  • A frictionless and seamless sign-in process with GitHub or Google Account. From start to finish in minutes.
  • By running a scan on your Lambda functions, you can find least-privilege identity and access management (IAM) vulnerabilities (over-permissive policies) along with remediation.

Install

NPM:

npm install --location=global @contrast/contrast

Homebrew:

brew tap contrastsecurity/tap

brew install contrast

Binaries:

  1. Go to https://pkg.contrastsecurity.com/ui/repos/tree/General/cli

  2. Select your operating system under the cli folder and download the package.

  3. Grant execute permission on the downloaded file; how you do this depends on your OS.

Authenticate

Authenticate by entering contrast auth in the terminal.

In the resulting browser window, log in and authenticate with your GitHub or Google credentials.

Run a scan

SAST scan

Requirements

Make sure you have the correct file types to scan.

  • Upload a .jar or .war file to scan a Java project
  • Upload a .js or .zip file to scan a JavaScript project
  • Upload a .exe or .zip file to scan a .NET C# Web Forms project

Start scanning

Use the Contrast scan command: contrast scan

Lambda function scan

Requirements

  • Currently supports Java and Python functions on AWS.
  • Configure AWS credentials in your local environment by running these commands with your own values:

export AWS_DEFAULT_REGION=<YOUR_AWS_REGION>
export AWS_ACCESS_KEY_ID=<YOUR_ACCESS_KEY_ID>
export AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_ACCESS_KEY>

Start scanning

Use contrast lambda to scan your AWS Lambda functions:

contrast lambda --function-name MyFunctionName --region my-aws-region
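The Lambda scan reports least-privilege IAM findings, that is, over-permissive policies attached to the function's execution role. The following is an added example, not Contrast's own analysis logic, that shows what "over-permissive" means at the policy-document level: it flags Allow statements that use a full or service-wide action wildcard, a resource of "*" or a service-wide resource ARN, or NotAction/NotResource (which grant everything not listed), and it ignores Deny statements because they only narrow permissions. Both policy documents, the bucket name, the function name and the account id 123456789012 are constructed placeholders.

```python
"""Flag over-permissive statements in an AWS IAM policy document.

Added example illustrating the least-privilege IAM finding category
described for the Lambda scan; it is not Contrast's code. All policies
below are constructed samples with placeholder names and ids.
"""
from typing import Any, Dict, List


def _as_list(value: Any) -> List[Any]:
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_service_wide_arn(resource: str) -> bool:
    """True for ARNs whose resource field is just '*' (e.g. arn:aws:sqs:us-east-1:123456789012:*).

    Object-level wildcards such as arn:aws:s3:::bucket/* are not flagged here,
    since scoping to one bucket is usually the intended least-privilege shape.
    """
    parts = resource.split(":", 5)  # arn:partition:service:region:account:resource
    return len(parts) == 6 and parts[5] == "*"


def find_overpermissive(policy: Dict[str, Any]) -> List[str]:
    """Return one human-readable finding per over-permissive grant."""
    findings: List[str] = []
    for index, statement in enumerate(_as_list(policy.get("Statement"))):
        if statement.get("Effect") != "Allow":
            continue  # Deny statements can only remove permissions
        sid = statement.get("Sid", f"Statement[{index}]")

        if "NotAction" in statement or "NotResource" in statement:
            findings.append(f"{sid}: NotAction/NotResource grants everything not listed")

        for action in _as_list(statement.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action!r}")
            elif "*" in action:  # prefix wildcard such as s3:Get*
                findings.append(f"{sid}: prefix-wildcard action {action!r}")

        for resource in _as_list(statement.get("Resource")):
            if resource == "*":
                findings.append(f"{sid}: resource '*' applies to every resource in the account")
            elif _is_service_wide_arn(resource):
                findings.append(f"{sid}: service-wide resource {resource!r}")
    return findings


# Constructed sample: a typical "make it work" execution-role policy.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "S3Admin", "Effect": "Allow", "Action": ["s3:*"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

# Constructed sample: the same function's needs expressed with least privilege.
TIGHT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOneBucket", "Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "WriteOwnLogs", "Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/example-fn:*"},
    ],
}

if __name__ == "__main__":
    for name, policy in (("BROAD_POLICY", BROAD_POLICY), ("TIGHT_POLICY", TIGHT_POLICY)):
        results = find_overpermissive(policy)
        print(f"{name}: {len(results)} finding(s)")
        for line in results:
            print("  -", line)
```

Running the block prints three findings for the broad policy (the full wildcard action, the "*" resource, and the service-wide s3:* action) and none for the tightened one; the log-group ARN that ends in ":*" is not flagged because its resource field names a specific log group.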

Contrast commands

auth

Authenticate Contrast using your GitHub or Google account. A new browser window will open for login.

Usage: contrast auth

config

Displays stored credentials.

Usage: contrast config

Options:

  • -c, --clear - Removes stored credentials.

scan

Performs a security SAST scan.

Usage: contrast scan [option]

Options:

  • contrast scan --file

    • Path of the file you want to scan. Contrast searches for a .jar, .war, .js, or .zip file in the working directory if a file is not specified.
    • Alias: -f
  • contrast scan --name

    • Contrast project name. If not specified, Contrast uses contrast.settings to identify the project or creates a project.
    • Alias: -n
  • contrast scan --save

    • Download the results to a Static Analysis Results Interchange Format (SARIF) file. The file is downloaded to the current working directory with a default name of results.sarif. You can view the file with any text editor.
    • Alias: -s
  • contrast scan --timeout

    • Time in seconds to wait for the scan to complete. Default value is 300 seconds.
    • Alias: -t
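A results.sarif file is more useful in a pipeline than in a text editor: the usual next step after contrast scan --save is to summarise the findings and fail the build above a chosen severity. The following added example (not part of the Contrast CLI) walks a SARIF 2.1.0 document, flattens each result to rule, level, file and line, counts results per level, and decides whether a CI job should fail. The embedded SARIF document is a constructed sample that only follows the SARIF schema; its rule ids, file names and messages do not come from a real scan, and the assumed "Example Scanner" tool name is a placeholder. A result with no level is treated as "warning", which is the SARIF default.

```python
"""Summarise a SARIF 2.1.0 file, such as results.sarif from `contrast scan --save`,
and decide whether a CI job should fail.

Added example, not Contrast's code. SAMPLE_SARIF is a constructed document
that follows the SARIF schema; nothing in it comes from a real scan.
"""
import json
from collections import Counter
from typing import Any, Dict, List, Tuple

# Constructed sample document (placeholder tool name, rules, files and lines).
SAMPLE_SARIF: Dict[str, Any] = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Example Scanner", "rules": [
            {"id": "sql-injection", "shortDescription": {"text": "SQL injection"}},
            {"id": "weak-hash", "shortDescription": {"text": "Weak hash algorithm"}},
        ]}},
        "results": [
            {"ruleId": "sql-injection", "level": "error",
             "message": {"text": "Untrusted input reaches a SQL query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/app/UserDao.java"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "weak-hash", "level": "warning",
             "message": {"text": "MD5 used for password hashing"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/app/Auth.java"},
                 "region": {"startLine": 17}}}]},
            # A result with no location at all, to exercise that branch.
            {"ruleId": "weak-hash", "level": "note",
             "message": {"text": "SHA-1 used for a non-security checksum"}},
        ],
    }],
}

# SARIF result levels in increasing severity.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

Row = Tuple[str, str, str, int, str]  # (ruleId, level, uri, startLine, message)


def load_results(sarif: Dict[str, Any]) -> List[Row]:
    """Flatten every run's results; a result without a location gets '<unknown>' and line 0."""
    rows: List[Row] = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            uri, line = "<unknown>", 0
            for loc in result.get("locations", []):
                physical = loc.get("physicalLocation", {})
                uri = physical.get("artifactLocation", {}).get("uri", uri)
                line = physical.get("region", {}).get("startLine", line)
                break  # first location is enough for a summary
            rows.append((
                result.get("ruleId", "?"),
                result.get("level", "warning"),  # SARIF default level
                uri,
                line,
                result.get("message", {}).get("text", ""),
            ))
    return rows


def count_by_level(rows: List[Row]) -> Counter:
    return Counter(row[1] for row in rows)


def should_fail(rows: List[Row], threshold: str = "error") -> bool:
    """True when any result is at or above the threshold level."""
    floor = LEVEL_RANK[threshold]
    return any(LEVEL_RANK.get(row[1], LEVEL_RANK["warning"]) >= floor for row in rows)


def summarize_file(path: str, threshold: str = "error") -> Tuple[Counter, bool]:
    """Load a SARIF file from disk (e.g. results.sarif) and return (counts, fail?)."""
    with open(path, encoding="utf-8") as fh:
        rows = load_results(json.load(fh))
    return count_by_level(rows), should_fail(rows, threshold)


if __name__ == "__main__":
    rows = load_results(SAMPLE_SARIF)
    for rule, level, uri, line, message in rows:
        print(f"[{level:7}] {rule:14} {uri}:{line}  {message}")
    print("counts:", dict(count_by_level(rows)))
    raise SystemExit(1 if should_fail(rows) else 0)
```

In a pipeline you would call summarize_file("results.sarif", "warning") after the scan and exit non-zero when the second value is True; the threshold is the only policy knob, so teams can start at "error" and tighten later.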

lambda

Scans an AWS Lambda function. --function-name is the name of the Lambda function to scan.

Usage: contrast lambda --function-name MyFunctionName

Options:

  • contrast lambda --function-name --endpoint-url

    • AWS endpoint override. Similar to AWS CLI.
    • Alias: -e
  • contrast lambda --function-name --region

    • Region override. Defaults to AWS_DEFAULT_REGION. Similar to AWS CLI.
    • Alias: -r
  • contrast lambda --function-name --profile

    • AWS configuration profile override. Similar to AWS CLI.
    • Alias: -p
  • contrast lambda --function-name --json

    • Return the response in JSON (versus the default human-readable format).
    • Alias: -j
  • contrast lambda --function-name --verbose

    • Returns extended information to the terminal.
    • Alias: -v
  • contrast lambda --function-name --list-functions

    • Lists all available Lambda functions to scan.
  • contrast lambda --function-name --help

    • Displays the usage guide.
    • Alias: -h

help

Displays the usage guide. To list detailed help for any CLI command, add the -h or --help flag to the command.

Usage: contrast scan --help

Alias: -h

version

Displays the version of the Contrast CLI.

Usage: contrast version

Alias: -v, --version

Contributors

awshanks, jgranick
