DEV Community πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’»

Cover image for Secure Open Source Code in minutes for free with CodeSec

Secure Open Source Code in minutes for free with CodeSec

Contrast Security is expanding its free developer tool, CodeSec, to include Open Source Security (OSS) and Software Bill of Material (SBOM) creation with its new SCA capability. Empowering developers to Identify vulnerable libraries in OSS and receive actionable remediation guidance, allowing them to ship code faster. The new feature will also enable users to manage software supply chain risk by allowing them to create SBOMs with ease.

What is CodeSec?
Contrast’s new free developer tool brings the fastest and most accurate scanner on the market right to developers for free. By packaging the same scanning engine used in our Contrast Security platform into a simple command-line interface (CLI), CodeSec empowers developers to scan, secure, and ship their code in minutes.

Getting Started with CodeSec - SCA in just 3 steps

1. Open a command-prompt or terminal, then install with NPM, Homebrew or by downloading binaries from Artifactory:

For this example will be using NPM. For other install options click here.

npm install -g @contrast/contrast
Enter fullscreen mode Exit fullscreen mode

2. Authenticate using your existing GitHub or Google account.

contrast auth
Enter fullscreen mode Exit fullscreen mode

3. Time to Scan your Open Source!

Navigate to your chosen directory.
Then run a SCA scan on your Java, Javascript, Python, Ruby, GO, PHP, .NET code with the following command.

contrast audit
Enter fullscreen mode Exit fullscreen mode

CodeSec SCA Output

In minutes CodeSec by Contrast will report all vulnerabilities found with actionable remediation guidance.

Happy Scanning!

Top comments (1)

Collapse
rpresser profile image
Ross Presser

Can I ask what the need for a Google or Github account is?

Hacktoberfest is happening now!



It is a month-long celebration of open source. For a lot of devs, its their introduction to open source.


Check out the Hacktoberfest tag on DEV to keep up with the latest!