Fork me on GitHub

contrast:verify

Full name:

com.contrastsecurity:contrast-maven-plugin:2.13.2:verify

Description:

Verifies that none of the vulnerabilities found by Contrast Assess during integration testing violate the project's security policy (fails the build when violations are detected).

Attributes:

  • Requires a Maven project to be executed.
  • Binds by default to the lifecycle phase: verify.
  • Requires that Maven runs in online mode.

Required Parameters

Name Type Since Description
<apiKey> String - API Key for communicating with Contrast. Find your personal keys
User property is: apiKey.
<organizationId> String - Unique ID for the Contrast Organization to which the plugin reports results. Find your Organization ID
Alias is: orgUuid.
<serviceKey> String - Service Key for communicating with Contrast. Find your personal keys
User property is: serviceKey.
<userName> String - User name for communicating with Contrast. Agent users lack permissions required by this plugin. Find your personal keys
Alias is: username.

Optional Parameters

Name Type Since Description
<appId> String 2.5 ID of the application as seen in Contrast. Either the appId or appName is required. If both are specified, Contrast uses the appId and ignores the appName.
User property is: appId.
<appName> String - Override the reported application name.

On Java systems where multiple, distinct applications may be served by a single process, this configuration causes the agent to report all discovered applications as one application with the given name.


User property is: appName.
<minSeverity> String - Verifies that no vulnerabilities were found at this or a higher severity level. Severity levels include Note, Low, Medium, High, and Critical.
Default value is: Medium.
User property is: minSeverity.
<proxyHost> String 2.8 Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
User property is: proxyHost.
<proxyPort> int 2.8 Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
User property is: proxyPort.
<serverName> String - Overrides the reported server name
User property is: serverName.
<url> String - Contrast API URL
Default value is: https://app.contrastsecurity.com/Contrast/api.
Alias is: apiUrl.
<useProxy> boolean 2.8 Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
Default value is: false.
User property is: useProxy.

Parameter Details

<apiKey>

API Key for communicating with Contrast. Find your personal keys
  • Type: java.lang.String
  • Required: Yes
  • User Property: apiKey

<appId>

ID of the application as seen in Contrast. Either the appId or appName is required. If both are specified, Contrast uses the appId and ignores the appName.
  • Type: java.lang.String
  • Since: 2.5
  • Required: No
  • User Property: appId

<appName>

Override the reported application name.

On Java systems where multiple, distinct applications may be served by a single process, this configuration causes the agent to report all discovered applications as one application with the given name.

  • Type: java.lang.String
  • Required: No
  • User Property: appName

<minSeverity>

Verifies that no vulnerabilities were found at this or a higher severity level. Severity levels include Note, Low, Medium, High, and Critical.
  • Type: java.lang.String
  • Required: No
  • User Property: minSeverity
  • Default: Medium

<organizationId>

Unique ID for the Contrast Organization to which the plugin reports results. Find your Organization ID
  • Type: java.lang.String
  • Required: Yes
  • Alias: orgUuid

<proxyHost>

Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
Proxy host used to communicate to Contrast when useProxy is true
  • Type: java.lang.String
  • Since: 2.8
  • Required: No
  • User Property: proxyHost

<proxyPort>

Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
Proxy port used to communicate to Contrast when useProxy is true
  • Type: int
  • Since: 2.8
  • Required: No
  • User Property: proxyPort

<serverName>

Overrides the reported server name
  • Type: java.lang.String
  • Required: No
  • User Property: serverName

<serviceKey>

Service Key for communicating with Contrast. Find your personal keys
  • Type: java.lang.String
  • Required: Yes
  • User Property: serviceKey

<url>

Contrast API URL
  • Type: java.lang.String
  • Required: No
  • Default: https://app.contrastsecurity.com/Contrast/api
  • Alias: apiUrl

<useProxy>

Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
When true, will override Maven's proxy settings with Contrast Maven plugin specific proxy configuration
  • Type: boolean
  • Since: 2.8
  • Required: No
  • User Property: useProxy
  • Default: false

<userName>

User name for communicating with Contrast. Agent users lack permissions required by this plugin. Find your personal keys
  • Type: java.lang.String
  • Required: Yes
  • Alias: username