Fork me on GitHub
Built by Maven

contrast:install

Full name:

com.contrastsecurity:contrast-maven-plugin:2.13.2:install

Description:

Includes the Contrast Java agent in integration testing to provide Contrast Assess runtime security analysis.

Attributes:

  • Requires a Maven project to be executed.
  • Binds by default to the lifecycle phase: validate.
  • Requires that Maven runs in online mode.

Required Parameters

Name Type Since Description
<apiKey> String - API Key for communicating with Contrast. Find your personal keys
User property is: apiKey.
<organizationId> String - Unique ID for the Contrast Organization to which the plugin reports results. Find your Organization ID
Alias is: orgUuid.
<serviceKey> String - Service Key for communicating with Contrast. Find your personal keys
User property is: serviceKey.
<userName> String - User name for communicating with Contrast. Agent users lack permissions required by this plugin. Find your personal keys
Alias is: username.

Optional Parameters

Name Type Since Description
<appId> String 2.5 ID of the application as seen in Contrast. Either the appId or appName is required. If both are specified, Contrast uses the appId and ignores the appName.
User property is: appId.
<appName> String - Override the reported application name.

On Java systems where multiple, distinct applications may be served by a single process, this configuration causes the agent to report all discovered applications as one application with the given name.


User property is: appName.
<appVersion> String - The appVersion metadata associated with Contrast analysis findings. Allows users to compare vulnerabilities between applications versions, CI builds, etc. Contrast generates the appVersion in the following order:
  1. The appVersion as configured in the plugin properties.
  2. If your build is running in TravisCI, Contrast will use appName-$TRAVIS_BUILD_NUMBER.
  3. If your build is running in CircleCI, Contrast will use appName-$CIRCLE_BUILD_NUM.
  4. If none of the above apply, Contrast will use a timestamp appName-yyyyMMddHHmmss format.

User property is: appVersion.
<applicationSessionMetadata> String 2.9 Define a set of key=value pairs (which conforms to RFC 2253) for specifying user-defined metadata associated with the application. The set must be formatted as a comma-delimited list. of key=value pairs.

Example - "business-unit=accounting, office=Baltimore"


User property is: applicationSessionMetadata.
<applicationTags> String 2.9 Tags to apply to the Contrast application. Must be formatted as a comma-delimited list.
User property is: applicationTags.
<environment> String 2.9 Override the reported server environment https://docs.contrastsecurity.com/en/server-configuration.html.
User property is: environment.
<jarPath> String - Path to an existing Contrast Java agent JAR. Specifying this configures the plugin to omit the "retrieve Contrast JAR" step.
User property is: jarPath.
<proxyHost> String 2.8 Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
User property is: proxyHost.
<proxyPort> int 2.8 Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
User property is: proxyPort.
<serverName> String - Overrides the reported server name
User property is: serverName.
<serverPath> String 2.1 Override the reported server path. Default is the present working directory of the JVM process Contrast is attached to.

In a multi-module build, the default value may lead Contrast to report a unique server per module. Multi-module Maven builds can appear as different servers in the Contrast UI. If you would like to discourage this behavior and would rather see all modules appear under the same server in Contrast, use this property to set a common server path across modules.


User property is: serverPath.
<skipArgLine> boolean 2.0 When true, will not alter the Maven argLine property.
User property is: skipArgLine.
<standalone> boolean 2.2 When "true", will configure Contrast to treat this as a standalone application (e.g. one that uses an embedded web server vs war packaging).
User property is: standalone.
<url> String - Contrast API URL
Default value is: https://app.contrastsecurity.com/Contrast/api.
Alias is: apiUrl.
<useProxy> boolean 2.8 Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
Default value is: false.
User property is: useProxy.

Parameter Details

<apiKey>

API Key for communicating with Contrast. Find your personal keys
  • Type: java.lang.String
  • Required: Yes
  • User Property: apiKey

<appId>

ID of the application as seen in Contrast. Either the appId or appName is required. If both are specified, Contrast uses the appId and ignores the appName.
  • Type: java.lang.String
  • Since: 2.5
  • Required: No
  • User Property: appId

<appName>

Override the reported application name.

On Java systems where multiple, distinct applications may be served by a single process, this configuration causes the agent to report all discovered applications as one application with the given name.

  • Type: java.lang.String
  • Required: No
  • User Property: appName

<appVersion>

The appVersion metadata associated with Contrast analysis findings. Allows users to compare vulnerabilities between applications versions, CI builds, etc. Contrast generates the appVersion in the following order:
  1. The appVersion as configured in the plugin properties.
  2. If your build is running in TravisCI, Contrast will use appName-$TRAVIS_BUILD_NUMBER.
  3. If your build is running in CircleCI, Contrast will use appName-$CIRCLE_BUILD_NUM.
  4. If none of the above apply, Contrast will use a timestamp appName-yyyyMMddHHmmss format.
  • Type: java.lang.String
  • Required: No
  • User Property: appVersion

<applicationSessionMetadata>

Define a set of key=value pairs (which conforms to RFC 2253) for specifying user-defined metadata associated with the application. The set must be formatted as a comma-delimited list. of key=value pairs.

Example - "business-unit=accounting, office=Baltimore"

  • Type: java.lang.String
  • Since: 2.9
  • Required: No
  • User Property: applicationSessionMetadata

<applicationTags>

Tags to apply to the Contrast application. Must be formatted as a comma-delimited list.
  • Type: java.lang.String
  • Since: 2.9
  • Required: No
  • User Property: applicationTags

<environment>

Override the reported server environment https://docs.contrastsecurity.com/en/server-configuration.html.
  • Type: java.lang.String
  • Since: 2.9
  • Required: No
  • User Property: environment

<jarPath>

Path to an existing Contrast Java agent JAR. Specifying this configures the plugin to omit the "retrieve Contrast JAR" step.
  • Type: java.lang.String
  • Required: No
  • User Property: jarPath

<organizationId>

Unique ID for the Contrast Organization to which the plugin reports results. Find your Organization ID
  • Type: java.lang.String
  • Required: Yes
  • Alias: orgUuid

<proxyHost>

Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
Proxy host used to communicate to Contrast when useProxy is true
  • Type: java.lang.String
  • Since: 2.8
  • Required: No
  • User Property: proxyHost

<proxyPort>

Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
Proxy port used to communicate to Contrast when useProxy is true
  • Type: int
  • Since: 2.8
  • Required: No
  • User Property: proxyPort

<serverName>

Overrides the reported server name
  • Type: java.lang.String
  • Required: No
  • User Property: serverName

<serverPath>

Override the reported server path. Default is the present working directory of the JVM process Contrast is attached to.

In a multi-module build, the default value may lead Contrast to report a unique server per module. Multi-module Maven builds can appear as different servers in the Contrast UI. If you would like to discourage this behavior and would rather see all modules appear under the same server in Contrast, use this property to set a common server path across modules.

  • Type: java.lang.String
  • Since: 2.1
  • Required: No
  • User Property: serverPath

<serviceKey>

Service Key for communicating with Contrast. Find your personal keys
  • Type: java.lang.String
  • Required: Yes
  • User Property: serviceKey

<skipArgLine>

When true, will not alter the Maven argLine property.
  • Type: boolean
  • Since: 2.0
  • Required: No
  • User Property: skipArgLine

<standalone>

When "true", will configure Contrast to treat this as a standalone application (e.g. one that uses an embedded web server vs war packaging).
  • Type: boolean
  • Since: 2.2
  • Required: No
  • User Property: standalone

<url>

Contrast API URL
  • Type: java.lang.String
  • Required: No
  • Default: https://app.contrastsecurity.com/Contrast/api
  • Alias: apiUrl

<useProxy>

Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
When true, will override Maven's proxy settings with Contrast Maven plugin specific proxy configuration
  • Type: boolean
  • Since: 2.8
  • Required: No
  • User Property: useProxy
  • Default: false

<userName>

User name for communicating with Contrast. Agent users lack permissions required by this plugin. Find your personal keys
  • Type: java.lang.String
  • Required: Yes
  • Alias: username