Contrast Security is expanding its free developer tool, CodeSec, to include Open Source Security (OSS) and Software Bill of Material (SBOM) creation with its new SCA capability. Empowering developers to Identify vulnerable libraries in OSS and receive actionable remediation guidance, allowing them to ship code faster. The new feature will also enable users to manage software supply chain risk by allowing them to create SBOMs with ease.
What is CodeSec?
Contrast’s new free developer tool brings the fastest and most accurate scanner on the market right to developers for free. By packaging the same scanning engine used in our Contrast Security platform into a simple command-line interface (CLI), CodeSec empowers developers to scan, secure, and ship their code in minutes.
Getting Started with CodeSec - SCA in just 3 steps
1. Open a command-prompt or terminal, then install with NPM, Homebrew or by downloading binaries from Artifactory:
For this example will be using NPM. For other install options click here.
npm install -g @contrast/contrast
2. Authenticate using your existing GitHub or Google account.
contrast auth
3. Time to Scan your Open Source!
Navigate to your chosen directory.
Then run a SCA scan on your Java, Javascript, Python, Ruby, GO, PHP, .NET code with the following command.
contrast audit
In minutes CodeSec by Contrast will report all vulnerabilities found with actionable remediation guidance.
Happy Scanning!
Oldest comments (4)
Can I ask what the need for a Google or Github account is?
Hi Ross, we ask users to connect with the existing google or GitHub account in order to create an account for them in our servers, so they may utilize our scanning tools.
Follow up question: Can CodeSec be used on local repositories that have no connection with GitHub or any other cloud repo whatsoever, and never will?
Yes they can still use the CLI to access CodeSec