Fork me on GitHub
Built by Maven

contrast:scan

Full name:

com.contrastsecurity:contrast-maven-plugin:2.13.3:scan

Description:

Analyzes the Maven project's artifact with Contrast Scan to provide security insights

Attributes:

  • Requires a Maven project to be executed.
  • Since version: 2.13.0.
  • Binds by default to the lifecycle phase: integration-test.
  • Requires that Maven runs in online mode.

Required Parameters

Name Type Since Description
<apiKey> String 2.13.0 API Key for communicating with Contrast. Find your personal keys
User property is: apiKey.
<organizationId> String 2.13.0 Unique ID for the Contrast Organization to which the plugin reports results. Find your Organization ID
Alias is: orgUuid.
<serviceKey> String 2.13.0 Service Key for communicating with Contrast. Find your personal keys
User property is: serviceKey.
<userName> String 2.13.0 User name for communicating with Contrast. Agent users lack permissions required by this plugin. Find your personal keys
Alias is: username.

Optional Parameters

Name Type Since Description
<artifactPath> File 2.13.0 File path of the Java artifact to upload for scanning. By default, uses the path to this module's Maven artifact produced in the package phase.
<consoleOutput> boolean 2.13.0 When true, will output a summary of the scan results to the console (build log).
Default value is: true.
<label> String 2.13.0 A label to distinguish this scan from others in your project
Default value is: ${project.version}.
<outputPath> File 2.13.0 File path to where the scan results (in SARIF) will be written at the conclusion of the scan. Note: no results are written when waitForResults is false.
Default value is: ${project.build.directory}/contrast-scan-reports/contrast-scan-results.sarif.json.
<projectName> String 2.13.0 Contrast Scan project unique ID to which the plugin runs new Scans. This will be replaced imminently with a project name
Default value is: ${project.name}.
User property is: project.
<proxyHost> String 2.8 Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
User property is: proxyHost.
<proxyPort> int 2.8 Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
User property is: proxyPort.
<timeoutMs> long 2.13.0 Maximum time (in milliseconds) to wait for a Scan to complete. Scans that exceed this threshold fail this goal.
Default value is: 300000.
<url> String 2.13.0 Contrast API URL
Default value is: https://app.contrastsecurity.com/Contrast/api.
Alias is: apiUrl.
<useProxy> boolean 2.8 Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
Default value is: false.
User property is: useProxy.
<waitForResults> boolean 2.13.0 When true, will wait for and retrieve scan results before completing the goal. Otherwise, will start a scan then complete the goal without waiting for Contrast Scan to complete.
Default value is: true.

Parameter Details

<apiKey>

API Key for communicating with Contrast. Find your personal keys
  • Type: java.lang.String
  • Since: 2.13.0
  • Required: Yes
  • User Property: apiKey

<artifactPath>

File path of the Java artifact to upload for scanning. By default, uses the path to this module's Maven artifact produced in the package phase.
  • Type: java.io.File
  • Since: 2.13.0
  • Required: No

<consoleOutput>

When true, will output a summary of the scan results to the console (build log).
  • Type: boolean
  • Since: 2.13.0
  • Required: No
  • Default: true

<label>

A label to distinguish this scan from others in your project
  • Type: java.lang.String
  • Since: 2.13.0
  • Required: No
  • Default: ${project.version}

<organizationId>

Unique ID for the Contrast Organization to which the plugin reports results. Find your Organization ID
  • Type: java.lang.String
  • Since: 2.13.0
  • Required: Yes
  • Alias: orgUuid

<outputPath>

File path to where the scan results (in SARIF) will be written at the conclusion of the scan. Note: no results are written when waitForResults is false.
  • Type: java.io.File
  • Since: 2.13.0
  • Required: No
  • Default: ${project.build.directory}/contrast-scan-reports/contrast-scan-results.sarif.json

<projectName>

Contrast Scan project unique ID to which the plugin runs new Scans. This will be replaced imminently with a project name
  • Type: java.lang.String
  • Since: 2.13.0
  • Required: No
  • User Property: project
  • Default: ${project.name}

<proxyHost>

Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
Proxy host used to communicate to Contrast when useProxy is true
  • Type: java.lang.String
  • Since: 2.8
  • Required: No
  • User Property: proxyHost

<proxyPort>

Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
Proxy port used to communicate to Contrast when useProxy is true
  • Type: int
  • Since: 2.8
  • Required: No
  • User Property: proxyPort

<serviceKey>

Service Key for communicating with Contrast. Find your personal keys
  • Type: java.lang.String
  • Since: 2.13.0
  • Required: Yes
  • User Property: serviceKey

<timeoutMs>

Maximum time (in milliseconds) to wait for a Scan to complete. Scans that exceed this threshold fail this goal.
  • Type: long
  • Since: 2.13.0
  • Required: No
  • Default: 300000

<url>

Contrast API URL
  • Type: java.lang.String
  • Since: 2.13.0
  • Required: No
  • Default: https://app.contrastsecurity.com/Contrast/api
  • Alias: apiUrl

<useProxy>

Deprecated. in a future release, we will remove the proprietary proxy configuration in favor of standard Maven proxy configuration
When true, will override Maven's proxy settings with Contrast Maven plugin specific proxy configuration
  • Type: boolean
  • Since: 2.8
  • Required: No
  • User Property: useProxy
  • Default: false

<userName>

User name for communicating with Contrast. Agent users lack permissions required by this plugin. Find your personal keys
  • Type: java.lang.String
  • Since: 2.13.0
  • Required: Yes
  • Alias: username

<waitForResults>

When true, will wait for and retrieve scan results before completing the goal. Otherwise, will start a scan then complete the goal without waiting for Contrast Scan to complete.
  • Type: boolean
  • Since: 2.13.0
  • Required: No
  • Default: true